Apparatus and methods for content delivery and message exchange across multiple content delivery networks

ABSTRACT

Methods and apparatus for providing protected content to subscribers of a managed (e.g., MSO) network via a content source accessible via an internetwork such as the Internet. In one embodiment, a user accesses a programmer website, and requests content. The programmer determines whether the requesting user is permitted to access the content, and what rights or restrictions are associated with the user. This includes authenticating the user as a subscriber of the MSO, and determining the subscriber&#39;s subscription level. In another embodiment, a user&#39;s account with the MSO and programmer may be federated, thus a given user will have MSO-specific information regarding its identity (such as login information, GUID, etc.) and/or information regarding subscription level and service details, stored at the programmer. Messages received from the MSO representing permission for the user to access content may also be stored at the programmer site for later reference.

RELATED APPLICATIONS

This application is related to co-owned, co-pending U.S. patentapplication Ser. No. 12/536,724 filed on Aug. 6, 2009 and entitled“SYSTEM AND METHOD FOR MANAGING ENTITLEMENTS TO DATA OVER A NETWORK”,co-owned U.S. Provisional Application Ser. No. 61/256,903 filed on Oct.30, 2009 and entitled “METHODS AND APPARATUS FOR PACKETIZED CONTENTDELIVERY OVER A CONTENT DELIVERY NETWORK”, and to co-owned, co-pendingU.S. patent application Ser. No. ______ filed concurrently herewith andentitled “APPARATUS AND METHODS FOR CONTENT MANAGEMENT AND ACCOUNTLINKING ACROSS MULTIPLE CONTENT DELIVERY NETWORKS”, each of theforegoing which is incorporated herein by reference in its entirety.

COPYRIGHT

A portion of the disclosure of this patent document contains materialthat is subject to copyright protection. The copyright owner has noobjection to the facsimile reproduction by anyone of the patent documentor the patent disclosure, as it appears in the Patent and TrademarkOffice patent files or records, but otherwise reserves all copyrightrights whatsoever.

BACKGROUND OF THE INVENTION

1. Field of Invention

The present invention relates generally to the field of content and/ordata delivery over one or more networks. More particularly, the presentinvention is related in one exemplary aspect to apparatus and methodsfor content delivery and message exchange across these networks.

2. Description of Related Technology

Recent advances in digital information processing and technology havemade a whole range of services and functions available for delivery toconsumers at various types devices for very reasonable prices orsubscription fees. These services and functions include digital contentor programming (movies, etc.), digital video-on-demand (VOD), personalvideo recorder (PVR) and networked PVR (nPVR), Internet Protocoltelevision (IPTV), digital media playback and recording, as well highspeed Internet access (including so-called “Internet TV”, wheretelevision programming is delivered over the Internet without QoS) andIP-based telephony (e.g., VoIP). Other services available to networkusers include access to, and recording of, digital music (e.g., MP3files).

Currently, many of these services are provided to the user via a widevariety of different equipment environments and delivery paradigmsincluding, inter alia, cable or satellite modems or QAMs, HFCu (i.e.,Hybrid Fiber-copper distribution via indigenous POST/PSTN and/or coaxialwiring in a premises), optical fiber such as FTTC, FTTH, etc., Wi-Fi™hubs, Ethernet hubs, gateways, switches, and routers, to a plurality ofuser equipment types. For example, content may be delivered to users atset-top boxes, personal (desktop) computers, laptop computers, othermini-computers (such as so-called “netbooks”, mini-notebook computers),and/or other devices. Recent advances in consumer electronics have alsoled to the widespread introduction of a variety of portable mediadevices (PMDs) such as, inter alia, portable digital music devices suchas the well known Apple iPod™ and other so-called “MP3 players”,cellular telephones/smartphones, handheld computers, and personaldigital assistants (PDA), which allow users to store and playback audioand video files. Furthermore, many users today wish to view at leastsome content via the Internet.

Although a myriad of services, equipment, data formats and providers areavailable, current systems offer no mechanism for a managed networkoperator (e.g., MSO) to partner with programmers (content producers) inorder to allow users who are verified as subscribers of the MSO networkto utilize and purchase content from the network (such as via asubscription, pay-per-view, etc.), and to be able to view this contentvia the Internet or another such external or internetwork via partneredprogrammer websites.

Hence, methods and apparatus are needed which enable a partneredprogrammer to, either on its own or through communication with thenetwork operator, determine if an identified potential viewer ofInternet content already subscribes to this content through the MSO, andif so provide the content (e.g., according to one or more deliverymodels associated with the user's subscription). Such methods andapparatus would advantageously enable a user to receive content on anydevice and via any delivery paradigm, thereby enhancing the userexperience by no longer anchoring the user to a fixed location. Ideally,the aforementioned methods and apparatus might also allow users toaccess real-time and scheduled content from multiple viewing mediumswithout being restricted to fixed schedules, and further enable users toachieve geographical independence via use of mobile technology whichprovides enhanced flexibility over traditional means of videodistribution. Furthermore, the ideal solution would include enhancedaccess to premium-based content which not available to non-subscribers,or which cannot be delivered across traditional transport (i.e., behindthe scenes outtakes, alternate endings, actor interviews, etc.).

SUMMARY OF THE INVENTION

The present invention addresses the foregoing needs by disclosing, interalia, apparatus and methods for content management and message exchangebetween entities of two networks.

In a first aspect of the invention, a method for determining contentpermission(s) is disclosed. In one embodiment, the determination is madeat a content distribution network entity, and the permission relates toaccess of protected content from a remote source via an internetwork(e.g., the Internet). In one variant, the method comprises: receiving atthe network entity a communication relating to a request for theprotected content from a user device, the communication being sent tothe content distribution network entity from an entity associated withthe remote source; determining whether the user device is associated tothe subscriber of the content distribution network; if the user deviceis associated to the subscriber, determining whether the protectedcontent is within an approved level of service of the subscriber; and ifthe protected content is within the approved level of service of thesubscriber, transmitting a message to the entity associated with theremote source, the message causing the remote source to deliver theprotected content to the user device.

In a second aspect of the invention, an apparatus for managing deliveryof a plurality of protected content from a remote device is disclosed.In one embodiment, the remote device comprises a content server, and theapparatus comprises: at least one first interface for receiving aplurality of information from a user device, the information comprising:information identifying a user of the user device; and informationidentifying a particular one of the plurality of protected contentrequested by the user; a first computer program configured to utilizethe information identifying the user to determine whether the user isamong the plurality of entitled users; a second computer programconfigured to utilize the information identifying the user and theinformation identifying the particular one of the plurality of protectedcontent to determine whether the particular one of the plurality ofprotected content is within an authorized service class for the user;and at least one second interface for transmitting at least one messageto a remote content server. The at least one message causes the remotecontent sever to: (i) provide the protected content to the user device,or (ii) to deny the user device the protected content. The message maybe based at least in part on the determination of whether the user isamong the plurality of entitled users, and/or on the determination ofwhether the particular one of the plurality of protected content iswithin the authorized service class for the user.

In a third aspect of the invention, a method for determining whether auser is permitted in a first network to access protected contentassociated with a second network is disclosed. In one embodiment, themethod comprises: receiving a request for the protected content from theuser in the first network; determining the second network to which theuser is associated; sending a message to the second network, the messagecomprising: login and password information entered by the user; and therequest for the protected content; and receiving, in response to themessage, a message indicating whether the user is permitted in the firstnetwork to access the protected content associated with the secondnetwork.

In a fourth aspect of the invention, a method of determining whether aparticular one of a plurality of protected content may be provided to auser via a first network based at least in part on service details ofthe user in a second network is disclosed. In one embodiment, the methodcomprises: receiving a request for authorization of the user's access tothe particular one of the plurality of protected content from an entityof the first network, the request for authorization comprising at leasta globally unique identifier (GUID) associated with the user andinformation identifying the particular one of the plurality of protectedcontent; determining in response to the request, whether a session hasbeen established by the user and the second network; determining asubscriber identity within the second network based at least in part onthe GUID; retrieving the service details associated with the user;comparing the service details to the information identifying theparticular one of the plurality of protected content; and if the servicedetails match the information identifying the particular one of theplurality of protected content, providing a message enabling theparticular one of the plurality of protected content to be delivered tothe user via the first network.

In a fifth aspect of the invention, a method for enabling thedistribution of protected content associated with a managed contentdistribution network to subscribers of the network is disclosed. In oneembodiment, the method comprises receiving a communication relating to arequest for the protected content from a subscriber, the communicationbeing sent from an entity associated with a third party content sourcethat has access to the protected content; determining whether theprotected content is authorized for delivery to the subscriber; and ifthe protected content is authorized, causing the third party contentsource to deliver the protected content to the subscriber (e.g., via theInternet).

In a sixth aspect of the invention, a computer readable apparatus isdisclosed. In one embodiment, the apparatus comprises a storage medium,the medium comprising at least one computer program adapted for use inmanaging remote requests for protected content of a managed contentdistribution network. The program comprises first logic configured toprocess a received content request from a third party entity, therequest being generated at least in part using network subscriber logininformation; second logic configured to utilize at least portions of thelogin information to access a subscriber database maintained by thenetwork; third logic configured to determine, based on the access andthe at least portions of the login information, whether the subscriberis entitled to access the protected content; and fourth logic configuredto cause issuance of a message to the third party entity authorizing ordenying provision of the requested content to the subscriber by thethird party entity.

In a seventh aspect of the invention, a client device having a processorconfigured to run at least one client application thereon is disclosed.In one embodiment, the client application follows appropriate protocolfor sending requests for content and receiving requested content as wellas for providing additional information to the network to facilitateauthentication and authorization. In another embodiment, the clientapplication is configured to collect information regarding the user'sactions with respect to content, and pass this information upstream. Inone variant this information is used to make business decisionsincluding e.g., secondary content insertion decisions.

In an eighth aspect of the invention, a business and operation “rules”engine is disclosed. In one embodiment, the engine comprises one or morecomputer programs adapted to control various aspects of content andmessage exchange between two entities so as to achieve desired businessor operation goals (or obey certain rules).

In a ninth aspect of the invention, methods of doing business relatingto content provision and permissions are disclosed.

These and other aspects of the invention shall become apparent whenconsidered in light of the disclosure provided herein.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a functional block diagram illustrating an exemplary hybridfiber network configuration useful with the present invention.

FIG. 1 a is a functional block diagram illustrating one exemplarynetwork headend configuration useful with the present invention.

FIG. 1 b is a functional block diagram illustrating one exemplary localservice node configuration useful with the present invention.

FIG. 1 c is a functional block diagram illustrating one exemplarypacketized content delivery network architecture useful with the presentinvention.

FIG. 2 is a functional block diagram illustrating a content delivery andmessage exchange network architecture configured in accordance with oneembodiment of the present invention.

FIG. 2 a is a functional block diagram illustrating a first exemplaryuse case of the content delivery and message exchange networkarchitecture of FIG. 2.

FIG. 2 b is a functional block diagram illustrating a second exemplaryuse case of the content delivery and message exchange networkarchitecture of FIG. 2.

FIG. 2 c is a functional block diagram illustrating a third exemplaryuse case of the content delivery and message exchange networkarchitecture of FIG. 2.

FIG. 2 d is a functional block diagram illustrating a detailed view ofthe MSO entities of the network of FIG. 2 that are utilized for contentdelivery.

FIG. 2 e is a functional block diagram illustrating an exemplary loadbalancer for use in one embodiment of the present invention.

FIG. 3 is a logical flow diagram illustrating an exemplary method forconnecting and establishing a relationship between the MSO and aprogrammer according to the present invention.

FIG. 4 is a logical flow diagram illustrating an exemplary method forcreating a digital identity according to the present invention.

FIG. 5 is a logical flow diagram illustrating an exemplary method forfederated authentication according to the present invention.

FIG. 6 is a logical flow diagram illustrating an exemplary method forauthenticating a user according to the present invention.

FIG. 7 is a logical flow diagram illustrating an exemplary method fordecoupling or unlinking a subscriber account according to the presentinvention.

FIG. 8 is a logical flow diagram illustrating an exemplary method forvalidating a subscriber's entitlement to content being requested from aprogrammer according to the present invention.

FIG. 9 illustrates tables for exemplary authorization-based metrics foruse in one embodiment of the present invention.

All Figures and Appendices ©Copyright 2010 Time Warner Cable, Inc. Allrights reserved.

DETAILED DESCRIPTION OF THE INVENTION

Reference is now made to the drawings wherein like numerals refer tolike parts throughout.

As used herein, the term “application” refers generally to a unit ofexecutable software that implements a certain functionality or theme.The themes of applications vary broadly across any number of disciplinesand functions (such as on-demand content management, e-commercetransactions, brokerage transactions, home entertainment, calculatoretc.), and one application may have more than one theme. The unit ofexecutable software generally runs in a predetermined environment; forexample, the unit could comprise a downloadable Java Xlet™ that runswithin the JavaTV™ environment.

As used herein, the terms “client device” and “end user device” include,but are not limited to, set-top boxes (e.g., DSTBs), personal computers(PCs), and minicomputers, whether desktop, laptop, or otherwise, andmobile devices such as handheld computers, PDAs, personal media devices(PMDs), and smartphones.

As used herein, the term “codec” refers to a video, audio, or other datacoding and/or decoding algorithm, process or apparatus including,without limitation, those of the MPEG (e.g., MPEG-1, MPEG-2,MPEG-4/H.264, etc.), Real (RealVideo, etc.), AC-3 (audio), DiVX,XViD/ViDX, Windows Media Video (e.g., WMV 7, 8, 9, 10, or 11), ATI Videocodec, or VC-1 (SMPTE standard 421M) families.

As used herein, the term “computer program” or “software” is meant toinclude any sequence or human or machine cognizable steps which performa function. Such program may be rendered in virtually any programminglanguage or environment including, for example, C/C++, Fortran, COBOL,PASCAL, assembly language, markup languages (e.g., HTML, SGML, XML,VoXML), and the like, as well as object-oriented environments such asthe Common Object Request Broker Architecture (CORBA), Java™ (includingJ2ME, Java Beans, etc.) and the like.

The terms “Customer Premises Equipment (CPE)” and “host device” refer toany type of electronic equipment located within a customer's or user'spremises and connected to a network. The term “host device” refersgenerally to a terminal device that has access to digital televisioncontent via a satellite, cable, or terrestrial network.

As used herein, the term “display” means any type of device adapted todisplay information, including without limitation CRTs, LCDs, TFTs,plasma displays, LEDs, incandescent and fluorescent devices, orcombinations/integrations thereof. Display devices may also include lessdynamic devices such as, for example, printers, e-ink devices, and thelike.

As used herein, the term “DOCSIS” refers to any of the existing orplanned variants of the Data Over Cable Services InterfaceSpecification, including for example DOCSIS versions 1.0, 1.1, 2.0 and3.0. DOCSIS (version 1.0) is a standard and protocol for internet accessusing a “digital” cable network.

As used herein, the term “headend” refers generally to a networkedsystem controlled by an operator (e.g., an MSO) that distributesprogramming to MSO clientele using client devices. Such programming mayinclude literally any information source/receiver including, inter alia,free-to-air TV channels, pay TV channels, interactive TV, and theInternet.

As used herein, the terms “Internet” and “internet” are usedinterchangeably to refer to inter-networks including, withoutlimitation, the Internet.

As used herein, the terms “microprocessor” and “digital processor” aremeant generally to include all types of digital processing devicesincluding, without limitation, digital signal processors (DSPs), reducedinstruction set computers (RISC), general-purpose (CISC) processors,microprocessors, gate arrays (e.g., FPGAs), PLDs, reconfigurable computefabrics (RCFs), array processors, and application-specific integratedcircuits (ASICs). Such digital processors may be contained on a singleunitary IC die, or distributed across multiple components. As usedherein, the terms “MSO” or “multiple systems operator” refer to a cable,satellite, or terrestrial network provider having infrastructurerequired to deliver services including programming and data over thosemediums.

As used herein, the terms “network” and “bearer network” refer generallyto any type of telecommunications or data network including, withoutlimitation, hybrid fiber coax (HFC) networks, satellite networks, telconetworks, and data networks (including MANs, WANs, LANs, WLANs,internets, and intranets). Such networks or portions thereof may utilizeany one or more different topologies (e.g., ring, bus, star, loop,etc.), transmission media (e.g., wired/RF cable, RF wireless, millimeterwave, optical, etc.) and/or communications or networking protocols(e.g., SONET, DOCSIS, IEEE Std. 802.3, ATM, X.25, Frame Relay, 3GPP,3GPP2, WAP, SIP, UDP, FTP, RTP/RTCP, H.323, etc.).

As used herein, the term “network interface” refers to any signal ordata interface with a component or network including, withoutlimitation, those of the FireWire (e.g., FW400, FW800, etc.), USB (e.g.,USB2), Ethernet (e.g., 10/100, 10/100/1000 (Gigabit Ethernet), 10-Gig-E,etc.), MoCA, Coaxsys (e.g., TVnet™), radio frequency tuner (e.g.,in-band or OOB, cable modem, etc.), Wi-Fi (802.11a,b,g,n), WiMAX(802.16), PAN (e.g., 802.15), or IrDA families.

As used herein, the term “QAM” refers to modulation schemes used forsending signals over cable networks. Such modulation scheme might useany constellation level (e.g. QPSK, 16-QAM, 64-QAM, 256-QAM, etc.)depending on details of a cable network. A QAM may also refer to aphysical channel modulated according to the schemes.

As used herein, the term “server” refers to any computerized component,system or entity regardless of form which is adapted to provide data,files, applications, content, or other services to one or more otherdevices or entities on a computer network.

As used herein, the term “storage device” refers to without limitationcomputer hard drives, DVR device, memory, RAID devices or arrays,optical media (e.g., CD-ROMs, Laserdiscs, Blu-Ray, etc.), or any otherdevices or media capable of storing content or other information.

As used herein, the term “Wi-Fi” refers to, without limitation, any ofthe variants of IEEE-Std. 802.11 or related standards including802.11a/b/g/n/v.

As used herein, the term “wireless” means any wireless signal, data,communication, or other interface including without limitation Wi-Fi,Bluetooth, 3G, HSDPA/HSUPA, TDMA, CDMA (e.g., IS-95A, WCDMA, etc.),FHSS, DSSS, GSM, PAN/802.15, WiMAX (802.16), 802.20, narrowband/FDMA,OFDM, PCS/DCS, analog cellular, CDPD, satellite systems, millimeter waveor microwave systems, acoustic, and infrared (i.e., IrDA).

Overview

The present invention discloses, inter alia, methods and apparatus forproviding protected content to subscribers of a managed network (e.g.,MSO network such as cable, satellite, or HFCu) via a content sourceaccessible to the subscriber via an internetwork (e.g., the Internet).In one embodiment, a user accesses a programmer (content source)website, or an MSO website, and requests content. If the particularcontent requested is protected content, or content which is onlyaccessible to certain types of subscribers, the programmer and/or MSOdetermines whether the requesting user is permitted to access thecontent and if so, what use restrictions if any apply. The process bywhich it is determined whether a user may access content includes: (i)authenticating the user as a subscriber to the MSO, and then (ii)determining whether the subscriber's service level (subscription level)permits or entitles viewing of the requested content.

In one embodiment, the user is authenticated by requiring him/her toestablish a login identity and password, and/or assigning the user aglobally unique identifier (GUID). This unique information is stored atan MSO entity such as an entitlements or authentication server, and whenthe user logs into a website (such as a common login application (CLA)maintained by the MSO), the information is accessed and compared toinformation the user provides to login. If valid login information isentered (i.e., the information provided matches the stored informationfor that user GUID), then a session is created between the MSO and user.

The aforementioned authentication at the MSO may be facilitated byvarious entities associated with the programmer. For instance, the usermay first log in to a third party (e.g., programmer's) website, such asby establishing a login identity and password which are stored at theprogrammer's site. Once logged in, the programmer may forward requeststo view content to an appropriate MSO, and provide a platform for theuser to log in to the MSO site (e.g., a virtual MSO interface).

In one embodiment, the programmer and MSO accounts for a particular usermay be linked or “federated”. According to this embodiment, a given userwill have MSO-specific information regarding its identity (such as logininformation for the MSO, GUID, etc.) and/or information regarding itssubscription level and other service details stored at the programmersite, or other entity accessible to the programmer without requiringconsultation with the MSO. Messages received from the MSO representingpermission for the user to access content may also be stored at theprogrammer site. The programmer may later reference this informationwhen subsequent requests for content are made by the user, and therebyprovide faster and more efficient service. Methods for unlinking orde-federating a user's account in the programmer and MSO sites are alsogiven.

Determination of whether the subscriber's service level (e.g.,subscription level) permits viewing of the requested content is, in oneembodiment, performed at the MSO in response to receiving a request forcontent. In one embodiment, one or more MSO entities utilize the userlogin information to determine the identity of the user as a subscriber,and then determines the details of the service to which the subscriberhas subscribed. The identity of the user may also be determined at leastin part via a device ID associated with the request (e.g., MAC, IPaddress, etc.), which can be correlated to one or more subscriberaccounts by the MSO.

The MSO generates and transmits messages to the third party programmer(content source) indicating whether or not the user should be permittedaccess to the content (and optionally what restrictions if any apply)based on the authentication and authorization determinations. In onevariant, the programmer may store a so-called “entitlement cookie” whichmay be referred to at future instances wherein the subscriber requestscontent. The entitlement cookie may comprise a stored MSO messageindicating the subscriber is entitled to access the content, which maybe relied upon for, e.g., a certain period of time or number oftransactions.

Delivery of the requested content may occur via a number of differentmodels, including for example (i) delivery back over the MSO'sinfrastructure, and (ii) delivery over non-MSO operated infrastructure,such as the Internet, wireless link, etc.

Business rules for the implementation of the aforementionedauthentication and authorization and for the delivery of content arealso described.

A uniform description language (e.g., “entitlements descriptionlanguage” or EDL that allows for management of protected content acrossheterogeneous network environments (including those outside of the MSO'sdirect control) is also described.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

Exemplary embodiments of the apparatus and methods of the presentinvention are now described in detail. While these exemplary embodimentsare described in the context of the aforementioned hybrid fiber coax(HFC) cable system or satellite network architecture having an multiplesystems operator (MSO), digital networking capability, IP deliverycapability, and plurality of client devices/CPE, the general principlesand advantages of the invention may be extended to other types ofnetworks and architectures, whether broadband, narrowband, wired orwireless, or otherwise, the following therefore being merely exemplaryin nature. For instance, the invention may be adapted for use onso-called hybrid fiber copper (HFCu) networks, or WiMAX (IEEE Std.802.16) wireless networks.

It will also be appreciated that while described generally in thecontext of a consumer (i.e., home) end user domain, the presentinvention may be readily adapted to other types of environments (e.g.,commercial/enterprise, government/military, etc.) as well. Myriad otherapplications are possible.

Also, while certain aspects are described primarily in the context ofthe well-known Internet Protocol (described in, inter alia, RFC 791 and2460) and Session Initiation Protocol (SIP), it will be appreciated thatthe present invention may utilize other types of protocols (and in factbearer networks to include other internets and intranets) to implementthe described functionality.

Moreover, while many aspects of the invention are described within thecontext of traditional “on demand” services traditionally provided overe.g., a cable, satellite, or HFCu network (e.g., FVOD, SVOD, MOD, etc.),it will be appreciated that the concepts and apparatus described hereinare readily extensible to other content delivery paradigms includingwithout limitation broadcast (linear) and “start over”.

Other features and advantages of the present invention will immediatelybe recognized by persons of ordinary skill in the art with reference tothe attached drawings and detailed description of exemplary embodimentsas given below.

Exemplary Content Distribution Network—

FIG. 1 illustrates a typical content delivery network configuration withwhich the apparatus and methods of the present invention may be used.The various components of the network 100 include (i) one or more dataand application origination points 102; (ii) one or more content sources103, (iii) one or more application distribution servers 104; (iv) one ormore VOD servers 105, and (v) customer premises equipment (CPE) 106. Thedistribution server(s) 104, VOD servers 105 and CPE(s) 106 are connectedvia a bearer (e.g., HFC) network 101. The headend is also connectedthrough a gateway or other such interface (not shown) to unmanagedexternal internetworks such as the Internet 111. A simple architecturecomprising one of each of the aforementioned components 102, 104, 105,106 is shown in FIG. 1 for simplicity, although it will be recognizedthat comparable architectures with multiple origination points,distribution servers, VOD servers, and/or CPE devices (as well asdifferent network topologies) may be utilized consistent with theinvention. For example, the headend architecture of FIG. 1 a (describedin greater detail below) may be used.

The data/application origination point 102 comprises any medium thatallows data and/or applications (such as a VOD-based or “Watch TV”application) to be transferred to a distribution server 104. This caninclude for example a third party data source, application vendorwebsite, CD-ROM, external network interface, mass storage device (e.g.,RAID system), etc. Such transference may be automatic, initiated uponthe occurrence of one or more specified events (such as the receipt of arequest packet or ACK), performed manually, or accomplished in anynumber of other modes readily recognized by those of ordinary skill.

The application distribution server 104 comprises a computer systemwhere such applications can enter the network system. Distributionservers are well known in the networking arts, and accordingly notdescribed further herein.

The VOD server 105 comprises a computer system where on-demand contentcan be received from one or more of the aforementioned data sources 102and enter the network system. These servers may generate the contentlocally, or alternatively act as a gateway or intermediary from adistant source.

The CPE 106 includes any equipment in the “customers' premises” (orother locations, whether local or remote to the distribution server 104)that can be accessed by a distribution server 104.

Referring now to FIG. 1 a, one exemplary embodiment of a headendarchitecture useful with the present invention is described. As shown inFIG. 1 a, the headend architecture 150 comprises typical headendcomponents and services including billing module 152, subscribermanagement system (SMS) and CPE configuration management module 154,cable-modem termination system (CMTS) and OOB system 156, as well asLAN(s) 158, 160 placing the various components in data communicationwith one another. It will be appreciated that while a bar or bus LANtopology is illustrated, any number of other arrangements as previouslyreferenced (e.g., ring, star, etc.) may be used consistent with theinvention. It will also be appreciated that the headend configurationdepicted in FIG. 1 a is high-level, conceptual architecture and thateach MSO may have multiple headends deployed using custom architectures.

The exemplary architecture 150 of FIG. 1 a further includes amultiplexer-encrypter-modulator (MEM) 162 coupled to the HFC network 101adapted to process or condition content for transmission over thenetwork. The distribution servers 164 are coupled to the LAN 160, whichprovides access to the MEM 162 and network 101 via one or more fileservers 170. The VOD servers 105 are coupled to the LAN 160 as well,although other architectures may be employed (such as for example wherethe VOD servers are associated with a core switching device such as an802.3z Gigabit Ethernet device). As previously described, information iscarried across multiple channels. Thus, the headend must be adapted toacquire the information for the carried channels from various sources.Typically, the channels being delivered from the headend 150 to the CPE106 (“downstream”) are multiplexed together in the headend, aspreviously described and sent to neighborhood hubs (FIG. 1 b) via avariety of interposed network components.

It will also be recognized, however, that the multiplexing operation(s)need not necessarily occur at the headend 150 (e.g., in theaforementioned MEM 162). As yet another alternative, a multi-location ormulti-stage approach can be used, such as that described in U.S. Pat.No. 7,602,820, entitled “APPARATUS AND METHODS FOR MULTI-STAGEMULTIPLEXING IN A NETWORK” incorporated herein by reference in itsentirety, which discloses inter alia improved multiplexing apparatus andmethods that allow such systems to dynamically compensate for content(e.g., advertisements, promotions, or other programs) that is insertedat a downstream network node such as a local hub, as well as “feed-back”and “feed forward” mechanisms for transferring information betweenmultiplexing stages.

Content (e.g., audio, video, data, files, etc.) is provided in eachdownstream (in-band) channel associated with the relevant service group.To communicate with the headend or intermediary node (e.g., hub server),the CPE 106 may use the out-of-band (OOB) or DOCSIS channels andassociated protocols. The OCAP 1.0 (and subsequent) specificationprovides for exemplary networking protocols both downstream andupstream, although the invention is in no way limited to theseapproaches.

It will also be recognized that the multiple servers (broadcast, VOD, orotherwise) can be used, and disposed at two or more different locationsif desired, such as being part of different server “farms”. Thesemultiple servers can be used to feed one service group, or alternativelydifferent service groups. In a simple architecture, a single server isused to feed one or more service groups. In another variant, multipleservers located at the same location are used to feed one or moreservice groups. In yet another variant, multiple servers disposed atdifferent location are used to feed one or more service groups.

An optical transport ring (not shown) is also commonly utilized todistribute the dense wave-division multiplexed (DWDM) optical signals toeach hub within the network in an efficient fashion.

In addition to on-demand and broadcast content (e.g., videoprogramming), the system of FIGS. 1 a and 1 b (and 1 c discussed below)also deliver Internet 111 data services using the Internet protocol(IP), although other protocols and transport mechanisms of the type wellknown in the digital communication art may be substituted. One exemplarydelivery paradigm comprises delivering MPEG-based video content, withthe video transported to user PCs (or IP-based STBs) over theaforementioned DOCSIS channels comprising MPEG (or other video codecsuch as H.264 or AVC) over IP over MPEG. That is, the higher layer MPEG-or other encoded content is encapsulated using an IP protocol, whichthen utilizes an MPEG packetization of the type well known in the artfor delivery over the RF channels, such as via a multiplexed transportstream (MPTS). In this fashion, a parallel delivery mode to the normalbroadcast delivery exists; i.e., delivery of video content both overtraditional downstream QAMs to the tuner of the user's STB or otherreceiver device for viewing on the television, and also as packetized IPdata over the DOCSIS QAMs to the user's PC or other IP-enabled devicevia the user's cable modem. Delivery in such packetized modes may beunicast, multicast, or broadcast. Delivery of the IP-encapsulated datamay also occur over the non-DOCSIS QAMs, such as described below withrespect to FIG. 1 c.

The CPE 106 are each configured to monitor the particular assigned RFchannel (such as via a port or socket ID/address, or other suchmechanism) for IP packets intended for the subscriber premises/addressthat they serve.

While the foregoing network architectures described herein can (and infact do) carry packetized content (e.g., IP over MPEG for high-speeddata or Internet TV, MPEG2 packet content over QAM for MPTS, etc.), theyare often not optimized for such delivery. Hence, in accordance withanother embodiment of the present invention, a “packet optimized”delivery network is used for carriage of the packet content (e.g., IPTVcontent) when the request issues from an MSO network (see discussion ofFIG. 2 a below). FIG. 1 c illustrates one exemplary implementation ofsuch a network, in the context of an IMS (IP Multimedia Subsystem)network with common control plane and service delivery platform (SDP),as described in co-pending U.S. Provisional Patent Application Ser. No.61/256,903 entitled “METHODS AND APPARATUS FOR PACKETIZED CONTENTDELIVERY OVER A CONTENT DELIVERY NETWORK”, previously incorporatedherein. Such a network provides significant enhancements in terms ofcommon control of different services, implementation and management ofcontent delivery sessions according to unicast or multicast models,quality-of-service (QoS) for IP-packetized content streams, etc.;however, it is appreciated that the various features of the presentinvention are in no way limited to any of the foregoing architectures.

Content Delivery Authorization and Message Exchange Architecture—

The approach to providing access to protected content outside of an MSOnetwork described in the present disclosure are based in the exemplaryembodiment on a pre-defined set of transactions or assertions which arepassed between the content provider (e.g., programmer or otherthird-party entity) and the managed network operator (e.g., MSO). Theassertions, categorized by authentication and authorization (each ofwhich will be discussed in greater detail subsequently herein), areconducted between applications proprietary to both of the aforementionedorganizations, yet externalized through a set of standards-basedprotocols. In one implementation of the invention, the protocolsutilized include those defined by the Liberty Alliance Project, and/orby the Organization for the Advancement of Structured InformationStandards (OASIS), although it will be recognized that other protocolsmay be used with equal success.

The Liberty Alliance, formed in 2001, created a set of open standardsand guidelines for identity management with the fundamental concept of“identity federation” (or the linking of accounts within or acrossdisparate organizations). The guidelines produced from the project,known as Liberty Alliance Identity Federation Framework (ID-FF) V1.2specification, which is incorporated herein by reference in itsentirety, define the process by which identities from trusted sourcescan be linked in order to reduce ongoing multiple logins, thusincreasing identity assurance while reducing identity fraud. In 2003,the Liberty Alliance contributed their body of work to OASIS that wasfounded in 1993 under the name SGML Open. SGML Open's original charterwas the creation of guidelines for interoperability among productssupporting the Standard Generalized Markup Language (SGML), but in 1998SGML Open changed its name and shifted its focus from SGML to ExtensibleMarkup Language (XML), as it became widely adopted by the technologyindustry.

To date, specifications from OASIS have become the de facto standard forsecurity and identification management between consenting businesspartners, which is represented through the Security Assertion Markuplanguage (SAML) Specification (Version 2.0 released in 2005), as SAMLCore: S. Cantor et al. Assertions and Protocols for the OASIS SecurityAssertion Markup Language (SAML) V2.0. OASIS Standard, March 2005.Document ID saml-core-2.0-os(http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf) andSAML Binding: S. Cantor et al. Bindings for the OASIS Security AssertionMarkup Language (SAML) V2.0. OASIS Standard, March 2005. Document IDsaml-bindings-2.0-os(http://docs.oasisopen.org/security/saml/v2.0/saml-bindings-2.0-os.pdf),each of which is incorporated herein by reference in its entirety. Earlyversions of SAML and the ID-FF were compatible; however, the twostandards became incompatible based on component changes within SAML forgreater consistency and component symmetry. Other key differencesaddressed in SAML v2.0 were encryption metadata and multi-endpointsupport for a single protocol. Also, SAML v2.0 generalized the Libertyfunctionality to account for more options or use cases for expandeddefinition. However, it will be appreciated that the present inventionis not limited to any particular standards or languages, the foregoingSAML and ID-FF being merely exemplary of the broader principles of theinvention.

Referring now to FIG. 2, a high-level block diagram of a contentdelivery authorization and message exchange architecture 200 configuredin accordance with one embodiment of the invention is described. Thisarchitecture is useful for, inter alia, providing delivery of protectedcontent to so-called “entitled” viewers, as discussed in greater detailsubsequently herein.

As shown in FIG. 2, the architecture 200 generally comprises threeprimary “outward facing” (i.e., from the MSO outward) applications offunctions of the MSO 221. The applications interact with one or morethird party programmers or content sources 204 and MSO subscribers andother non-MSO users, and include (i) the common login application (CLA)207, (ii) an enterprise identity system (EIS) 214, and (iii) a serviceoriented architecture (SOA) 208.

The programmers/sources 204 may for example include any broadcastprovider (such as e.g., NBC, Turner Broadcasting, Viacom, etc.) whichdistributes content across one or more mediums, or through distributionagreements with the MSO. Subscribers include the individual consumers orusers of video/audio/data services.

Subscribers request access to content via user devices such as e.g.,consumer premises equipment (CPE) 106, personal media devices (PMD) 107,personal computers (PC), laptop computers, mobile devices, etc. The userdevices may include any apparatus capable receiving audio/video/dataservices from the MSO 221 or programmer 204 via the Internet. Hence, twoprimary request/delivery models are envisaged (although others may beused as well, or combinations or variants of the foregoing): (i) requestfrom an MSO-network device (e.g., CPE 106 such as an IP-enabled DSTB orpremises gateway 113) to an Internet site, for content to be returnedback to the requesting MSO-network device (see FIG. 2 a); and (ii)request from a non-MSO network device, for content to be returned backto the requesting non-MSO network device (see FIG. 2 b).

An example of the former case (i) might be an IP-enabled DSTB orPC/DOCSIS cable modem registered with the MSO that utilizes MSOinfrastructure to access the Internet (and the third partyprogrammer/source site), with content being streamed back to therequesting device over a comparable pathway. Here, the MSO network actsboth as a “bearer” and “authorizer” network.

An example of the latter case (ii) might be an IP-enabled mobile device(e.g., smartphone or laptop computer) which may or may not be registeredwith the MSO, and is being operated by an authorized MSO subscriber. Thedevice may obtain access to the Internet via e.g., a service providerWLAN, cellular 3G/4G (e.g., LTE-A), WiMAX, or other such interface 250,whereby it may connect to the third party website and request content,the latter streamed to the device over a comparable return path whendelivery is authorized. In this fashion, the MSO network is not abearer, but rather merely an authorizer.

FIG. 2 c illustrates yet another use case of the content delivery andmessage exchange network architecture of FIG. 2, wherein an MSO-operated(or “federated”) site is used.

The flow of various communications (and the protected content) under theforegoing exemplary scenarios are also illustrated in FIGS. 2 a-2 c,respectively. In various models, the subscriber request is received at:(i) the programmer website 205; and/or (ii) at the CLA 207 associatedwith the MSO 221. The subscriber (and/or device) requesting access tocontent is authenticated, and its authorization to receive the contentis validated by the SOA 208, EIS 214 and identity provider 218. Thisauthentication and authorization may take many forms, such as thosedescribed subsequently herein (e.g., authentication of the user and/ortheir device, authorization of the user to access content, etc.), aswell as others which may be used such as IEEE Std. 802.1xauthentication, use of a RADIUS server, etc.

Once the subscriber (and/or device) is authenticated and authorized, thecontent may be provided from the programmer content server 203 to therequesting device (e.g., CPE 106, PMD 107, etc.).

As noted above, the requested/provided content may comprise broadcastcontent as well as on-demand content. Other types of content may also beprovided. For example, so called “quick clips” content (described inco-owned U.S. Pat. No. 7,174,126 issued Feb. 6, 2007 and entitled“TECHNIQUE FOR EFFECTIVELY ACCESSING PROGRAMMING LISTING INFORMATION INAN ENTERTAINMENT DELIVERY SYSTEM” incorporated herein by reference inits entirety), so-called “start-over” content (described in co-owned,co-pending U.S. Patent Publication No. 2005/0034171 entitled “TECHNIQUEFOR DELIVERING PROGRAMMING CONTENT BASED ON A MODIFIED NETWORK PERSONALVIDEO RECORDER SERVICE” incorporated herein by reference in itsentirety), so-called “lookback” content (as described in co-owned,co-pending U.S. patent application Ser. No. 10/913,064 filed Aug. 6,2004 and entitled “TECHNIQUE FOR DELIVERING PROGRAMMING CONTENT BASED ONA MODIFIED NETWORK PERSONAL VIDEO RECORDER SERVICE” incorporated hereinby reference in its entirety), and/or so-called “remote DVR” content (asdiscussed in co-owned U.S. Pat. No. 7,457,520 issued Nov. 25, 2008 andentitled “TECHNIQUE FOR PROVIDING A VIRTUAL DIGITAL VIDEO RECORDERSERVICE THROUGH A COMMUNICATIONS NETWORK” incorporated herein byreference in its entirety) may be ingested at the third party contentsource. Still further, enhanced access to premium based content which isnot available to non-subscribers, or which cannot be delivered acrosstraditional transport may also be provided, such as e.g., behind thescenes outtakes, alternate endings, actor interviews, etc.

The CLA 207 is used as an entry point into the MSO network's 221 webportals by both residential and commercial users. In one embodiment, theCLA 207 communicates with the EIS 214 to store user-specificinformation, including a digital identity. Hence, an MSO subscriber mayestablish a digital identity at the CLA 207 which is stored thereon, andwhich may be shared with the EIS 214 and storage entities communicatingwith each. The creation of an MSO-specific digital identity for eachsubscriber will be discussed in greater detail below.

It is via the CLA 207 that a subscriber in the illustrated embodimentmay access subscriber-controlled services such as Digital VideoRecorders (DVRs), personal video recorders (PVR), network-based DVRand/or PVR, and self-controlled phone services (such as, e.g., callforwarding, call waiting, etc.). A subscriber may also obtaininformation pertaining to call records and billing information byaccessing the web portals via the CLA 207.

Delivery of content to the CPE 106 and/or PMD 107 occurs within the MSOnetwork (i.e., under the paradigm of FIG. 2 a) in one embodiment, asdiscussed in previously incorporated co-owned U.S. ProvisionalApplication Ser. No. 61/256,903 filed on Oct. 30, 2009 and entitled“METHODS AND APPARATUS FOR PACKETIZED CONTENT DELIVERY OVER A CONTENTDELIVERY NETWORK”. As discussed therein, a substantially session-basedand packetized content delivery approach (e.g., using the well-known IPnetwork layer protocol) which allows for temporal, device, and locationflexibility in the delivery of the content, andtransportability/migration of user sessions (i.e., allows a user toreceive any content they desire, delivered at any time and at anylocation, and on any device they choose, and move that “Session” toanother device or location), as well as service/content personalization(e.g., on a per-session/user basis) and blending (integration). Thisapproach uses a common or unified delivery architecture in providingwhat were heretofore heterogeneous services supplied by substantiallydifferent, and often vendor-specific, networks.

Moreover, the foregoing apparatus and methods provide for enhancedcontent access, reproduction, and distribution control (via e.g., aDRM-based approach and other security and content control measures), aswell as quality-of-service (QoS) guarantees which maintain high mediaquality and user experience, especially when compared to prior art“Internet TV” paradigms. In one exemplary implementation, the networkmay be based on an IMS (IP Multimedia System, such as e.g., that definedin relevant 3GPP standards) which includes SIP session protocols, aswell as a Service Delivery Platform (SDP).

In another implementation (FIG. 2 b), the network comprises both“managed” and “unmanaged” (or off-network) services, so that a networkoperator can utilize both its own and external infrastructure to providecontent delivery to its subscribers in various locations and use cases.

In one variant of this approach, network services are sent “over thetop” of other provider's infrastructure 250, thereby making the serviceprovider network substantially transparent (i.e., the protected contentrequests and other communications are passed over the service providernetwork and the Internet as if they are any other traffic). In anothervariant, a cooperative approach between providers is utilized, so thatfeatures or capabilities present in one service provider's network(e.g., authentication of mobile devices to an AP or RAN) can beleveraged by another provider operating in cooperation therewith. Inanother embodiment, requested content may be authorized via the contentand data distribution architecture 200, and provided to the CPE 106and/or PMD 107 as described in co-owned, co-pending U.S. patentapplication Ser. No. 11/258,229 filed on Oct. 24, 2005 and entitled“METHOD AND APPARATUS FOR ON-DEMAND CONTENT TRANSMISSION AND CONTROLOVER NETWORKS”, which is incorporated herein by reference in itsentirety. As discussed therein, data may be provided according todownload or “on demand” paradigms. In one embodiment, the networkcomprises a cable television network connected with a CSP (cellularservice provider) or wireless service provider (WSP), and on-demandcontent delivery is accomplished via a “point-to-point” approach whereina session is established between a content receiving entity (such as acellular telephone) and a distributing entity (e.g., a VOD server).Session establishment and data flow control are advantageouslyimplemented using protocols and bandwidth that are typically used for(i) providing on-demand services to subscribers within the cablenetwork, and (ii) delivery and control of streaming multimedia to clientmobile devices.

Yet other mechanisms and architectures for providing content to PMDs 107and/or CPE 106 located in or out of a managed network may be usedconsistent with the invention as well, the foregoing being merelyexemplary of the broader principles.

As will be discussed in greater detail below, the architecture 200utilizes information obtained from or stored at an MSO-maintainedauthorization server (not shown) to determine whether a requesting userdevice is authorized to receive the content. In one embodiment, theprovision of content and use thereof are effectively controlled by thesupplying web or programmer content server 203 (or any intermediaryMSO-operated infrastructure). For example, once a user is authorized toreceive content, the server 203 serves the content to the user deviceover the prescribed delivery path/model.

In another embodiment, various restrictions to the provision of contentto a user at a display or rendering device associated with the userdevice are determined by the device (e.g., CPE 106, PMD 107, etc.)itself, as discussed in co-owned, co-pending U.S. patent applicationSer. No. 12/716,131 filed on Mar. 2, 2010 and entitled “APPARATUS ANDMETHODS FOR RIGHTS-MANAGED CONTENT AND DATA DELIVERY”, which isincorporated herein by reference in its entirety. As discussed therein,a downloadable or transferable rights profile coupled with a “smart”media player application are given. The rights profile containsinformation regarding the specific rights of a device and/or asubscriber to access content. It is via the rights profile that thedevice (via the media player and its associated rights managementapplication) determines whether to provide content to a subscriber.

In one implementation of the architecture of FIGS. 2 a-2C, one or moreentities useful in delivery of content to the CPE 106 or PMD 107 may beadapted to utilize information regarding the CPE 106 or PMD 107capabilities (e.g., such as in the event a capabilities profile isreceived from these devices) to performde-encapsulation/re-encapsulation of content where necessary, as isdisclosed in co-owned, co-pending U.S. patent application Ser. No.12/582,619 filed on Oct. 20, 2009 and entitled “GATEWAY APPARATUS ANDMETHODS FOR DIGITAL CONTENT DELIVERY IN A NETWORK”, which isincorporated herein by reference in its entirety. As discussed therein,one or more entities of the programmer 204 or MSO 221 (or locatedelsewhere) may be configured to process content includingde-encapsulating the content from a first media file container formatand subsequently re-encapsulating the content to a second media filecontainer format which is known to be compatible with the requestingdevice. For example, content which is delivered from a host server orother content source may be encapsulated in e.g., MP4, if the receivingCPE 106 is not capable of reading the MP4 files, the content server (orother entity) may re-encapsulate the content to e.g., MPEG-2 or toanother format that the receiving CPE 106 is capable of reading.

In another exemplary embodiment, the receiving device may comprise aconverged premises device (CPD) and/or a media bridge. The CPD may forexample be of the type described in co-owned and co-pending U.S. patentapplication Ser. No. 11/378,129 filed Mar. 16, 2006 and entitled“METHODS AND APPARATUS FOR CENTRALIZED CONTENT AND DATA DELIVERY”,incorporated herein by reference in its entirety. As discussed therein,the CPD comprises a WLAN (e.g., Wi-Fi) and/or PAN (e.g., Bluetooth or802.15) wireless interface. Packetized (e.g., IP) traffic may beexchanged between the CPD and a PMD 107 via, e.g. the WLAN/PANinterface. Hence, in one embodiment, the PMD 107 may request contentfrom the CPD.

In another embodiment, the user device may comprise a media bridge,which may, for example, be of the type disclosed in co-owned, co-pendingU.S. patent application Ser. No. 12/480,597 filed Jun. 8, 2009 andentitled “MEDIA BRIDGE APPARATUS AND METHODS”, incorporated herein byreference in its entirety. As discussed therein, the media bridgingapparatus acts as a connection between a PMD 107 (which may includee.g., an iPad™, handheld computer, smartphone, PDA, etc.) and a user'shome network. This bridging apparatus may be used, for example, toconvert content stored on the PMD 107 to a format capable of beingpresented on a user's set-top box or other client device. The bridgingapparatus may also be utilized for transmitting content to the PMD 107(such as by converting the content to a format capable of beingstored/presented on the PMD 107) provided the user of the PMD 107 isauthorized to receive the content.

Referring now to FIG. 2 d, one exemplary implementation of the contentand entitlements management architecture 200 of FIG. 2 is shown anddescribed.

As noted above in FIG. 2, the MSO 221 generally comprises a CLA 207 incommunication with an SOA 208 and EIS 217 (in further communication withan identity provider 218). These components are distributed in atechnology services group (TSG) authorization infrastructure 202 and anadvance technology group (ATG) authentication infrastructure 206. Theauthorization infrastructure 202 and authentication infrastructure 206each communicate with one or more programmers 204 prior to enablingdelivery from the latter (or its designated delivery proxy) of requestedcontent to a subscriber.

As shown in FIG. 2 c, the authentication infrastructure 206 generallycomprises a plurality load balancers 216, a plurality of identityproviders 218, and the enterprise identity system (EIS) 214. The loadbalancers 216 are used to distribute transactional traffic across one ormore servers within one or more data centers. The authentication andauthorization applications of the exemplary embodiment each utilize morethan one server, which are used to increase transactional throughput,and to aid in the event a server is offline (i.e., planned or unplannedoutages).

In one embodiment (illustrated at FIG. 2 e), there is a “global” loadbalancer which serves as the primary point of interface that routes to“local” load balancers within the corresponding data centers, which eachdistribute the transactional traffic to the associated. How the trafficis distributed can vary based on configuration including for example:round robin, load-based, or availability-based. This method oftransaction distribution provides a highly available fault-resilientenvironment that maximizes operational readiness and “up-time”.

The identity providers 218 are useful in accessing and evaluatingsubscriber information to determine if a requesting subscriber is asubscriber of the MSO 221, and/or the level of service or other servicedetails of the subscriber's subscription. As discussed in greater detailelsewhere herein, a two-step process is used in one embodiment toauthenticate the user, and then authorize what content they are entitledto access; failure can occur at either step. First, the authenticationinfrastructure 206 validates (i.e., authenticates) that the subscriberhas an active account based on e.g., user entry of a correctusername/password combination, regardless of service (e.g., video, highspeed data, phone). Next, the authorization infrastructure 202 validates(i.e., authorizes) that the subscriber is entitled to access requestedcontent based on subscription-based services (such as e.g., video).

The EIS 214 is used to store a subscriber's digital identity. A digitalidentity is in the present embodiment a subscriber-specific identifierwhich is used to uniquely (and optionally anonymously) identify thesubscriber. A digital identity may further be linked to a particular MSO221, a geographic region, demographic, subscriber type, etc. In oneembodiment, the digital identity comprises a plurality of recordsidentifiable by the subscriber's entry of a login and a password valueat the CLA 207. In one such implementation, the EIS 214 and identityprovider 218 in conjunction are responsible for authenticating asubscriber's identity for account linking or content delivery. Forexample, the EIS 214 may authenticate a subscriber if the programmer 204has no system for validating a subscriber's identity, such as if theprogrammer 204 does not support its own identity management system(IDMS).

Referring again to FIG. 2 c, the authorization infrastructure 202generally comprises a plurality of load balancers 210 (see above andFIG. 2 e), one or more data power sources 212, and one or more serviceoriented architecture (SOA) adapters. 208. The data power sources 212are used to offload traffic from backend servers; in this case, theservers are used for the authorization application. The data powersources 212 are able to accelerate as well as throttle traffic, but mayalso be used to perform protocol translation of XML data streaming toand from the programmers. The data power sources 212 validate thatincoming transactions are well-formed. If they are not, errors arepresented back to the programmer, thus shielding the authorizationservers from processing bad or even malicious requests.

The SOA adapters 208 are used to revalidate a subscriber's identity, andobtain information from multiple disparate systems having subscriberinformation on purchased services (i.e., monthly and on-demand) storedthereon. The obtained information is used by the SOA adapters 208 toconfirm or deny entitlement of the subscriber to requested content. TheSOA 208 performs an authorization of subscriber-based requests foraccess to protected content. In one embodiment, “protected content”comprises that content which is protected by being placed behind afirewall or other similar security barrier/mechanism. Content may beprotected based on one or both of the MSO 221 or/and programmer 204identifying the programming as such, and may further be limited tocertain ones of the MSO 221 (and/or other MSO's) subscribers. Forexample, certain content may only be made available to a particular tierof subscriber (e.g., premium subscriber, etc.) across one or multipledifferent MSOs.

Various reasons may exist for protecting the content, including forexample: (i) it is “first run” or recent content that is surreptitiouslyobtained and distributed, would usurp significant revenue andadvertising opportunities from the MSO and/or source; (ii) it is contentthat is not suitable for all classes of viewers (e.g., adult content);(iii) it is copyright or otherwise legally protected; (iv) it must bepre-processed before delivery in order to ensure one or more attributessuch as proper advertisement insertion, encoding format/QoS, etc.

Additionally, content may be placed in a protected class according toe.g., franchising agreements which do not allow certain pieces ofcontent to be distributed outside a set geographical area(s). Localsports, educational and government programming that cannot be or has notpaid for the right to distribute across specified physical boundariesbased on local franchising rights (or those of third-parties thatdistribute such content on behalf of the MSO), would be examples of suchprotected content.

Environment Setup—

Referring now to FIG. 3, an exemplary embodiment of the method forconnecting and establishing a relationship between the MSO 221 and aprogrammer 204 according to the invention is provided. The connectionand establishment of a relationship between these entities is necessaryfor the transaction of information therebetween, including e.g.,information useful in authenticating and/or authorizing a subscriber,and specifying their rights with respect to various uses of therequested content.

As shown, per step 302, both the MSO 221 and the programmer 204independently configure their networks to support connectivity betweenservers of each network. In one embodiment, this may include e.g.,creating firewall policies, and/or translating the external InternetProtocol (IP) address to an internal address (as required). The wellknown network address translation (NAT) approach may be utilized fortranslating the external IP address to an internal address.Alternatively other mechanisms may be utilized, including thoseconfigured to masquerade and/or hide a network address, or change/rotateit as a function of time or accesses (e.g., for security reasons).

Next, at step 304, at least one of the MSO 221 and the programmer 204set up a firewall. The policies set forth during the configuration step(step 302) may be implemented to establish the firewall as discussedabove. In general terms, a formal firewall request is submitted to theMSO TSG 202 operators to process and add the programmer's IP address,addresses or address ranges to internal firewall policies. The TSG 202operators add a policy to the firewall that allows two-way trafficbetween the programmer and the MSO (i.e., “white-lists” the programmerby IP address, etc.). White-listing of the type discussed herein isrequired because the MSO in many instances maps a specific port on theauthorization server and does not allow the port to be open to thepublic. In another embodiment, no firewall setup is needed for theauthentication servers 206. Rather, all traffic comes across port 443,which is already secure (i.e., HTTPS with encrypted transactions).

Then, per step 306, the connectivity between the MSO 221 and programmer204 is validated. In one embodiment, the validation may includeexchanging of port designations and IP addresses (as discussed above).Alternatively, the MSO may schedule a formal connectivity test thatincludes a “ping” and telnet set of tests between the programmer'sservers and the MSO authentication and authorizations servers. Duringthis connectivity test, the MSO and the programmer confirm access to oneanother's servers. If access cannot be confirmed, then correspondingoperators for each the programmer and the MSO are contacted to aid introubleshooting issues.

Next, executions of sample authentication and authorization transactionsare performed. To accomplish this, the MSO provides the programmer a setof sample authentication and authorization transactions (i.e., formattedXMLs), which the programmer uses to “push” to the associated servers inits certification environment. The MSO and the programmer then confirmthat the transactions are processed appropriately. If not, varioustroubleshooting techniques are used to determine why the transactionsare failing, including e.g., looking through log files for correspondingrequest/response transactions.

Per step 308, digitally signed certificates used within the SecureSockets Layer (SSL) 2-way interfaces are exchanged between the MSO 221and programmer 204. In one embodiment, different servers may be used forthe aforementioned authentication and authorization. Hence, separateUniform Resource Locators (URLs) may be required for each server by theprogrammer 204.

For example, the authentication process may make use of SecurityAssertion Markup Language (SAML) for exchanging authentication andauthorization data between security domains. As noted previously, SAMLis a product of the OASIS® Security Services Technical Committee. Theauthentication process may follow the specification for Single Sign-On(SSO) between a service provider and the identity provider (e.g., theprogrammer 204 and MSO 221 respectively). Within the SAML domain,digital certificates are contained within a set of metadata that alsoincludes other specific interface control values such as Time-To-Live(TTL) along with an applicable KeyDescriptor (i.e., public key portionof public/private encryption key pair). In the exemplary embodiment,both the MSO 221 and the programmer 204 generate specific metadata thatis exchanged and loaded on one another's web servers. It is noted thatthe exchange of metadata may need to be accomplished using secure dataexchange techniques (e.g., encryption, integrity protection such ascryptographic residues, etc.) as, in many instances, the metadataexchanged between the MSO 221 and programmer 204 is humanly readable.Once the metadata is loaded, then the trust relationship is formed, andassertions between parties can begin.

With respect to authorization, however, a more traditional ExtensibleMarkup Language (XML) interface may be used. This may include, forexample, passing data in a set of element structures that closelyfollows the concepts of eXtensible Access Control Markup Language(XACML). Within this framework, digitally signed certificates areexchanged and loaded to the MSO 221 and the programmer's 204 webservers, similar to the metadata. To complete the setup, a Common SecureInteroperability (CSI) session is conducted between the MSO 221 and theprogrammer 204, wherein the public key information is exchanged and bothparties verify certificate signature, validity times, and revocationstatus.

Additional configurations by the MSO 221 and the programmer 204 may alsobe required outside the connectivity setup and certificate exchange.SAML general services are configured on associated web servers whichfurther define attribute details used for processing of authenticationassertions. The precise configuration of the SAML general services isperformed within the framework of the application server being used andmay vary based on product (e.g., Weblogic®, WebSphere®, Apache®, etc.).

Per step 310, the programmer 204 is then provided with a globally uniqueidentifier (GUID) from the MSO 221; the programmer GUID is used duringall authorization requests. Each time an authorization request is madefrom the programmer to the MSO 221, the programmer 204 provides itsassigned programmer GUID. The programmer GUID is verified prior to anyfurther processing by the MSO 221. The programmer GUID may, in oneembodiment, comprise a 36 alpha/numeric-character string uniquelyidentifying the programmer in an obfuscated (non-readable) manner.

Appendices A-D hereto detail the functional requirements to which theprovision of service according to one embodiment of the presentinvention must adhere. Appendix A hereto contains information on theformatting of the exemplary request (and response) according to oneembodiment of the invention.

Appendix B illustrates exemplary requirements of the service request.The table of Appendix B includes both: (i) the XML element definitions,and (ii) any validation and behavioral rules to be applied by therequest. The table describes the service specific XML elements in thebody of the service's request (note that other elements common to allservices may also be required). The element list includes basic XMLelement descriptions. The request header is assumed to be the standardheader used unless otherwise indicated. Each service must use a standardheader when sending responses or receiving requests from SOA.

Each element listed in the table is unique for this service, and isvalidated by a series of standard validation requirements. See AppendixC for the list of validation requirements that are common to all SOAservices for the elements listed. Any additional unique validationrequirements that should be implemented for this service are fullydescribed as an exception requirement (as described elsewhere herein).

The table of Appendix D illustrates additional exemplary requestrequirements according to an exemplary embodiment of the invention.

A specific set of values defining the resources (e.g., channels)supported by a programmer 204 are also negotiated as part of the setupprocess of the method of FIG. 3. This set is implemented and maintainedwithin the SOA 208 throughout the entire life expectancy of the trustrelationship between the MSO 221 and programmer 204 (step 312). Anychanges to these resource identifiers are communicated to the MSO 221;otherwise, authorization attempts may fail. This negotiation proceedsvia a response to the aforementioned request. Methods for managingauthorization requests/responses are discussed in greater detail below.

The table(s) of Appendices E, et seq. provides the detailed requirementsfor the service request definition, including the XML elementdefinitions, as well as any validation and behavioral rules to beapplied by the response.

Appendix E illustrates exemplary service-specific XML elements in thebody of the service's response. The hierarchy of the requests is:subject (SubscriberID), resource (ResourceID), action (ActionID),environment (EnvrionmentID and SubscriberIP). The table of Appendix Fillustrates exemplary response requirements.

Next, per step 314, after the MSO 221 and programmer 204 have beguncommunication, certain types of information, such as e.g., “co-branded”information, may be configured and displayed to the subscriber duringthe login process. In one embodiment, the co-branded information maycomprise information such as banners, advertisements, etc., which havebeen pre-defined and approved by both the MSO 221 and the programmer204. The co-branded text and images from the MSO 221 and/or theprogrammer 204 (i.e., co-branded information) are loaded to each party'sweb servers. The co-branded information is mapped to the content displaypages on the programmer's 204 site, and login pages on MSO's site, whichis mapped to the appropriate HTML forms/fields. Co-branded text andimages are set up by the MSO 221 for each of the programmers 204 andeach content or virtual channel. When a subscriber logs in via eitherthe programmer 204 or the MSO 221 site, the co-branding information isdisplayed in the pre-approved manner as mutually defined and agreed uponbetween the MSO 221 and the programmer 204.

Lastly, per step 316, the subscriber is able to request content, andhave the requested content delivered thereto using authentication andauthorization processes discussed in greater detail below.

The table of Appendix G illustrates exemplary exception requirementsaccording to one embodiment of the present invention. The table containsexemplary requirements related to business exceptions that pertainspecifically to this service. In addition, this service includes anycommon SOA framework exceptions outlined in the SOA error guidelines ofAppendix H.

Account Creation—

Methods for authentication and authorization (discussed in detail below)of a subscriber requesting access to content according to the presentinvention rely on the requesting subscriber having set up a digitalidentity. FIG. 4 illustrates one embodiment of an exemplary method forcreating a digital identity according to the invention.

In this implementation, the subscriber is responsible for establishinghis/her digital identity through the CLA 207, maintained in oneembodiment by the MSO 221. As shown, per step 402, the subscriber isprompted to enter, and enters, information at the CLA 207. Thesubscriber enters information which is used to validate the subscriber'sidentity. Additional information may be entered, and/or theabove-provided information may further be used to associate thesubscriber to an MSO 221 business market (such as a demographic, servicelevel type, etc.) or division (e.g., a geographic region, advertisementzone, etc.). Correlation of the subscriber to a division may be usefulfor example in enabling account records to be correlated to thesubscriber, and/or for performing searches for service details duringthe authorization process (discussed below).

The subscriber may also be prompted for login and password values aspart of the digital identity creation process of step 402. The login andpassword values are defined by the subscriber within for example, agiven MSO 221 policy. The login and password values, once establishedand stored (at the MSO 221 or programmer 204) may then be used forfuture login attempts to the MSO site and/or to the programmer site inorder to access services supported thereby.

It will be appreciated that while a login and password combination aredescribed above, other implementations of the invention may utilizeother security mechanisms or approaches. For example, in one variant,the login and password are also coupled with a challenge question (forwhich the user has previously provided an answer). In another variant, auser-specific or pseudo-unique icon is used, such that the user mustenter (i) the login identity; (ii) the password, and (iii) a selectionof “their” icon from among many possible icons. In yet another variant,the IP address and/or MAC address from which the user request is issuedid evaluated in conjunction with the user-supplied login information tofurther validate that the request is coming from a registered address ordevice, respectively.

Per step 404, the CLA 207 communicates with the EIS 214. These entitiescommunicate to set various attributes surrounding the subscriber'sprofile and per step 406, the EIS 214 assigns to the subscriber asubscriber identifier (e.g., GUID). In one embodiment, similar to theaforementioned programmer GUID, the subscriber GUID may comprise a 36alpha/numeric character value, or may take other forms. The subscriberGUID uniquely identifies the subscriber in an obfuscated manner (i.e.,not exposing any private information to internal or external parties).As will be discussed in greater detail below, the subscriber GUID isutilized to provide authentication and authorization of the subscriberwhen the subscriber requests content at the MSO and/or programmer site.

It is appreciated that various mechanisms for providing assistance inthe event the subscriber is unable to create their digital identity maybe employed. For example, by entering the subscriber's zip code orregion (e.g., state, city), the subscriber may be directed todivision-specific contact details, along with online information aidingthe user with usage on various service offerings. Frequently askedquestions (FAQs) and access to an online help via an “ask” or “help”feature may also be provided. Access to online assistance may also beprovided during the authentication process, if required.

As noted above, the subscriber may, in one embodiment, be required toalso create a login and password (or enter other verificationinformation) at the programmer's website. According to this embodiment,the programmer 204 implements its own IDMS-based solution which may ormay not link accounts stored therein to those of the MSO 221. Theaforementioned linking being used to reduce the need for ongoingauthentications (discussed herein below).

In order to provide content to a requesting subscriber, the subscribermust be authenticated and authorized to view the requested content.

Authentication with Linked Accounts—

In one embodiment of the invention, a single subscriber is authenticatedonly once, the process creating a link between the MSO 221 informationfor the subscriber and the programmer information for the samesubscriber (i.e., federating the accounts). According to thisembodiment, the subscriber will not have to be authenticated each timethey attempt to view content, but rather are authenticated only once. Inone variant, the methods and apparatus of co-owned, co-pending U.S.patent application Ser. No. ______ filed concurrently herewith andentitled “APPARATUS AND METHODS FOR CONTENT MANAGEMENT AND ACCOUNTLINKING ACROSS MULTIPLE CONTENT DELIVERY NETWORKS” which has beenpreviously incorporated by reference in its entirety, may be utilizedfor providing identity federation.

To accomplish the aforementioned account federation, the programmer 204must employ at least a basic mechanism for identity management (such ase.g., an IDMS). An exemplary method of federated authentication isillustrated in FIG. 5.

As shown, per step 502, the subscriber logs into a programmer web sitein order to request access to protected content (step 504). As notedabove, the content may be protected by being placed behind a firewall,however other methods of content protection may alternatively oradditionally be employed (such as e.g., encryption, hashing orcryptographic residue for integrity protection, etc.). The type of login(e.g., password and user ID combination), information required at loginand creation of a login identity are each controlled by the programmer204 itself. For example, the programmer 204 determines whether thesubscriber may identify him/herself within the programmer website bye.g., providing an email address and password combination, or any of theother mechanisms previously described with respect to FIG. 4 (e.g.,challenge question, user-specific icon, etc.).

At step 506, upon subscriber login, the programmer 204 uses the IPaddress of the requesting subscriber device to perform a reverse lookupof the MSO 221 associated to that device (i.e., IP addressaaa.bbb.ccc.ddd is associated with MSO XYZ). It is determined at step508 whether the MSO 221 (XYZ) associated to the subscriber deviceaddress is a “known” MSO 221; i.e., is at that point known to theprogrammer 204. It will be appreciated, however, that alternativemethods for determining the MSO 221 associated to the subscriber and/orto the subscriber device may be utilized, the reverse lookup methodbeing merely exemplary. For instance, the programmer 204 may obtain aMAC address for the device issuing the request, and use that MAC addressto perform the reverse lookup. As yet another alternative, a programmeror third party database of user/MSO associations (such as by user name,email address, etc.) may be accessed. Myriad other approaches may beused as well to make this determination.

If the MSO 221 of the requesting device is unknown or cannot bedetermined, then the subscriber is provided with a list of MSO's fromwhich the subscriber may select the appropriate provider (step 510). Inone embodiment, the list may be provided as a pop up window, oralternatively the subscriber may be redirected to an alternate web pagefor selecting the appropriate MSO 221. Alternatively, the user may beprompted to simply enter the name or identifier of their MSO (e.g.,TWC). A “word wheel” type function of the type known in the userinterface arts may optionally be used; i.e., as the user enters theletter “T”, the available choices of MSOs are narrowed to only thosebeginning with the letter “T”, and so forth.

Once the appropriate MSO 221 is selected (step 510), or if the MSO 221of the requesting device is known to the programmer 204, the programmer204 sends an assertion to the identity provider 218 of the appropriateMSO 221 (step 512). In one embodiment, the assertion comprises an SAMLExtensible Hypertext Markup Language (XHTML) form; e.g., a HypertextTransfer Protocol (HTTP) POST message. The exemplary POST message istransmitted to the identity provider server 218, and includes thefollowing information fields or elements:

SAMLRequest—contains a NameIDPolicy type of Persistent

RequestedAuthnContext—URI used to identify the programmer

RelayState—optional

©Copyright 2010 Time Warner Cable, Inc. All rights reserved.

The “Persistent” value is optional, and defines the constraint on therequest. For example, the use of “Persistent” means the requestor(programmer) expects to use the subscriber GUID value returned from theMSO to federate logins. In some cases the field, while optional, doesnot hold much value, as the MSO may in many instances always pass thesame subscriber GUID value regardless of whether the programmer intendsto federate or not. However, the “Persistent” value may be utilized incases where the “Transient” subscriber GUIDs that change each time(occurs when federation is not used) are utilized.

At step 514, the subscriber is redirected to a login page for the MSO221. At the MSO 221 login page, the subscriber is prompted to providelogin information (e.g., MSO-specific login information). The subscribermust log into the MSO 221 web page via the identity provider server 218,since no session has been started. That is to say, a session is startedeach time the subscriber logs into the identify provider. The sessionremains active for a predefined period (e.g., 15 minutes), andterminates automatically after this time period expires for securitypurposes, regardless of whether the user is still on the programmer'sweb site. Having the session active allows the subscriber to move fromone programmer to another without re-authenticating or across videoassets if asset based authorizations are invoked. However,authorizations are still required regardless of the presence of anactive session when changing programmer sites and/or video assets.

In one embodiment, the login requires the subscriber to enter the loginand password values which were established during creation of thatsubscriber's digital identity (see FIG. 4 above). Although separatelogins are required under this embodiment; i.e., for the programmerwebsite and the MSO website, it will be appreciated that the user may bepermitted to use the same or similar information to log into both sites.For example, both the programmer website and the MSO website may permitthe user to use an email address as a username. Accordingly, a singlesubscriber may use the same username (email address) to log into bothsites. A common password, challenge phrase, etc. may also be utilized ifdesired.

The MSO identity provider 218 examines the provided login information todetermine whether it is valid at step 516. If the login information isnot valid, an error message is transmitted to the subscriber (step 518).

If the subscriber's login to the MSO 221 fails at step 516, thesubscriber may be provided an opportunity to be redirected to the CLA207 in order to resolve the issue. For example, the subscriber mayresolve the issue by directly logging into the MSO website. A successfullogin at the MSO website causes the subscriber to be redirected back theprogrammer site, and the method repeats at step 512. If the subscriberis unsuccessful at logging into the MSO website directly, the subscribermay be directed to a support page, phone number, email address, or livechat. In another example, if the subscriber has not yet created adigital identity, the subscriber may do so at the MSO website (see FIG.4 above).

If the subscriber's login to the MSO 221 is successful (at step 516),the MSO identity provider server 218 processes the assertion (sent atstep 512), and provides a response at step 520. In one embodiment, theresponse to the SAML assertion is an XHTML form which is sent to thebrowser containing the following elements:

SAMLResponse—contains a Pseudonym and Subscriber GUID

RelayState—if provided in the initial request

©Copyright 2010 Time Warner Cable, Inc. All rights reserved.

The “Pseudonym” is a permanent name identifier which the MSO provides tothe requestor or programmer that opaquely identifies the user or for MSOthe subscriber. This value can be used by the programmer to federatewith the account, and may be used across multiple sessions and forextended periods of time. In one embodiment, the Pseudonym is not used,and instead the GUID is used as both a persisted and temporary valueprovided to the programmer in either a federated or non-federated model.

The “RelayState” identifies the destination that the user (e.g., MSOsubscriber) is attempting to access (i.e., programmer URL or guardeddeep link). This value is passed by the programmer with the SAML requestto the MSO's identity provider. Upon successful user login, the SAMLresponse is passed back to the user's browser, which includes theRelayState that routes the user to the associated URL containing guardedcontent.

The browser then sends the information (e.g., SAML assertion) back theprogrammer 204. Per step 522, the programmer 204 may link its storedsubscriber login information to that of the MSO 221 by storing thesubscriber's GUID within the programmer's protected data store(s) oftheir IDMS framework, so that future linking or authenticationassertions are advantageously not required.

Lastly per step 524, the process continues to authorization of thesubscriber to view the requested content. The process of authorizationwill be discussed in greater detail below.

Authentication Without Linked Accounts—

Referring now to FIG. 6, a second exemplary method for authenticating auser is illustrated. The method of FIG. 6 is utilized in the instancethe programmer 204 does not link subscriber information stored thereinwith that of the MSO 221 (e.g., does not utilize identity federation).According to the method of FIG. 6, the programmer does not support anyform of identity management, and simply relies on the MSO 221 to handlethe login process for access to content which the programmer has placedbehind protected firewalls (or has otherwise protected in some fashion).

As noted above, SAML supports both federated (linked accounts) andnon-federated authentication models, each having their own relativestrengths and weaknesses. For example, in the federated model, the useronly needs to access the MSO login page once to authenticate;thereafter, the user simply uses the programmer's login capabilities.This eliminates the need to access the MSO login page if theprogrammer's site is the primary origin for content viewing. However, inthe federated model, the MSO has no control over session management, andis reliant on the authorization service 202 to validate whether the useris still an active subscriber. Furthermore, in certain implementations,the federation model requires that the user remember two sets ofusernames/passwords.

Alternatively, in the non-federated model, the programmer does not haveto support IDMS functionality, and may be totally reliant on the MSO tomanage username/password functions and associated identities (i.e.,sub-accounts). Furthermore, the MSO is able to recognize during theauthorization request that a subscriber is no longer active, and mayeliminate the need for a programmer to execute an authorization requestfor that subscriber. However, under the non-federated model, the user isrequired to access the MSO's login page for each browser session, andagain after a predetermined period from the start of a session, which isbased on the expiry value contained in the authorization response (e.g.,24 hours). Still further, the MSO may be required to support complexlogin pages managed through iframes and pop-ups to mask redirection fromthe programmer's site to an MSO hosted login page

Per step 602 of the method, a request for access to protected content isreceived from the subscriber at the programmer website. According tothis method, the subscriber need not login to the programmer's site,because the programmer 204 does not support an IDMS or other system formaintaining subscriber information. For instance, in one case, thesubscriber directly or indirectly enters the programmer's website URLinto their Internet browser (e.g., clicks on a hyperlink or the like),and when at the site, selects content for download, thereby causing arequest to be sent to the programmer's content server.

When the request is received, an MSO 221 associated with the subscriberand/or the device is determined at step 604. This can be accomplishedfor example using the methods previously described herein, or otherapproaches. For example, the subscriber may be redirected to a page onthe programmers' site where the user can select from a dropdown list ormenu structure or other mechanism, their associated MSO. Thereafter, thecorresponding login page will be displayed to complete theauthentication process based on the implemented approach (i.e.,redirect, popup or iframe). Note that the programmer may provide MSOselection capabilities on a main page, foregoing the need to redirect toa sub-page.

In another embodiment, the programmer only supports guarded content forthe MSO, and when the user selects something requiring login, thesubscriber is presented a login page based on the implemented approach(i.e., redirect, popup or iframe).

In yet another embodiment, the programmer can derive the subscriber'sMSO based on the IP address from which they originated. Then, theprogrammer can elect to initiate the MSO login process based on theimplemented approach (i.e., redirect, popup or iframe) and/or confirmwith the subscriber their MSO to ensure the correct login page ispresented.

Next, per step 606, the programmer 204 sends the request to the identityprovider 218 of the associated MSO identified in step 604. In oneembodiment, the programmer 204 sends an XHTML form that POSTs to theidentity provider server 218, the POST containing the followingelements:

SAMLRequest—contains a value of AuthnRequest type of Transient

RelayState—optional

©Copyright 2010 Time Warner Cable, Inc. All rights reserved.

The AuthnRequest type from the programmer can contain a value of either“Transient” or “Persistent” that denotes their intended use of the GUIDreturned in the response. The Transient value indicates that there is nofederation involved, and the GUID will be used for the length of thesession, whereas the Persistent value indicates the programmer intendsto federate or link accounts.

The identity provider 218 determines that no login session has beencreated or is active, and redirects the subscriber to the MSO loginpage, where the subscriber must login to validate credentials (step608). According to this method 600, the subscriber has only one set oflogin credentials (i.e., those necessary to log into the MSO site).Since the programmer 204 in the embodiment of FIG. 6 does not store thesubscriber GUID, the subscriber must log into the MSO 221 (via theidentity provider 218) for every new web session.

Per step 610, the login credentials are validated. If the enteredcredentials are not valid (do not match stored information for thesubscriber, and/or no stored information for the subscriber can befound), an error message is presented to the subscriber (612). Failureduring the login process may cause the subscriber to be redirected toCLA 207 to resolve the conflict by re-trying the login process, creatinga digital identity (if one has not yet been created), seeking help fromonline resources, or directly contacting the MSO 221.

If the credentials are valid, the identity provider 218 returns aresponse to the request at step 614. In one embodiment, an XHTML form isreturned to the browser which returns the following elements to theprogrammer 204:

SAMLRepsonse—contains Pseudonym (used as transient Subscriber GUID)

RelayState—if provided in the initial requests

©Copyright 2010 Time Warner Cable, Inc. All rights reserved.

Lastly, once the subscriber is authenticated, the method proceeds tosubscriber authorization (step 616), where it is determined whether thesubscriber is authorized to view the requested content. The process ofauthorization will be discussed in greater detail below.

Account Decoupling (De-Federation)—

As noted above, in certain embodiments, the programmer 204 may utilize aseparate IDMS, and may link a subscriber account contained therein to anMSO 221 subscriber account for the same subscriber. Later, it may benecessary to decouple or unlink the subscriber's account, such as if thesubscriber is no longer a customer of a first MSO, and instead now is acustomer of a second MSO. This may be executed through a backoffice“call” or communication from the programmer 204 to the MSO 221.

To accomplish the de-federation process, the programmer 204 in oneembodiment must create a set of web pages which allow the subscriber toconduct the unlinking process, including verifying the subscriber wantsto remove the link of their account with the programmer 204 to the MSO221. FIG. 7 illustrates an exemplary embodiment of a method which maygenerally be used for decoupling or unlinking a subscriber account.

As shown, per step 702 a request to de-federate the account is receivedfrom the subscriber at the programmer 204. In response to receiving thesubscriber request, the programmer 204 develops a request to be sent tothe MSO 221 (step 704). The programmer 204 may utilize the NameIdentifier Management Protocol or other such mechanism to generate andsend the request to the identity provider 218, for example, an<ManageIDNameRequest> containing the subscriber's pseudonym may be sent.

The Name Identifier Management Protocol provides mechanisms to changethe value or format of the name of a principal (subscriber). The issuerof the request can be either the service provider (programmer) or theidentity provider (MSO). The protocol also provides a mechanism toterminate an association of a name between an identity provider andservice provider.

The ManageNameID within the Name Identifier Management Protocol providesa way to initiate name identifier changes or terminations. For example,after establishing a name identifier for use when referring to aprincipal, the identity provider may want to change its value and/orformat. Additionally, an identity provider might want to indicate that aname identifier will no longer be used to refer to the principal. Theidentity provider will notify service providers of the change by sendingthem a ManageNameIDRequest. A service provider also uses this messagetype to register or change the SPProvidedID value (included when theunderlying name identifier is used to communicate with it), or toterminate the use of a name identifier between itself and the identityprovider.

The identity provider 218 (and/or other MSO 221 entities) processes therequest at step 706. If the request is processed successfully (step708), then per step 712, a verification code is returned to theprogrammer 204. In one embodiment, the verification code may comprise a<ManageIDNameResponse> with a code verifying the success of theunlinking. If the de-federation is successful, any future attempts bythe subscriber to view protected content will be denied. The subscribermust re-establish its identity via the authentication process (FIG. 5 or6), which may result in the re-linking of the subscriber's account(e.g., in the case of the methodology of FIG. 5).

If the request is not processed successfully (step 708), then, per step710, a failure message is returned to the programmer 204. In oneembodiment, the failure message may comprise a <ManageIDNameResponse>with a code indicating the failure of the unlinking. The programmer 204can initiate another request if the response provided by the MSO 221indicates failure to unlink the accounts.

In another embodiment, the methods and apparatus of co-owned, co-pendingU.S. patent application Ser. No. ______ and entitled “APPARATUS ANDMETHODS FOR CONTENT MANAGEMENT AND ACCOUNT LINKING ACROSS MULTIPLECONTENT DELIVERY NETWORKS” which has been previously incorporated byreference in its entirety may be utilized for de-federating accounts.

Authorization—

As discussed above, once a subscriber is authenticated, it must bedetermined whether the subscriber is authorized to view the particularcontent requested, and optionally if any use (or even distribution)restrictions apply. An exemplary authorization process is illustrated inFIG. 8. The authorization process is used to validate a Subscriber'sentitlement to content being requested from a programmer 204.

In one embodiment, authorization is conducted real-time against variousbackend information management systems within the MSO 221. In oneexample, the authorization process (e.g., FIG. 8) is performed at leastonce within a 24-hour period. However, the frequency and level ofauthorization transactions may vary according to e.g., pre-determined,mutually defined schemes implemented by the MSO 221 and/or theprogrammer 204.

As illustrated, per step 802, before an authorization can take place, itis determined whether the subscriber is logged into the MSO site. Thesubscriber must have started a session through either the programmer'sIDMS application (if account linking is supported by the programmer204), or by logging into the identity provider server 218 (if accountlinking is not being supported by the programmer 204). If it isdetermined that the subscriber has not yet logged in, per step 804, thesubscriber is redirected to either the programmer's or MSO's co-brandedlogin pages, where a session may be setup.

Next, per step 806, an authorization request is sent from the programmer204 to the SOA 208 (at the MSO 221). In one embodiment, the request mayinclude the subscriber GUID acquired during the authentication process,along with other information including one or more of the followingelements:

SubscriberID—contains the Subscriber GUID

ResourceID—Identifies the content being requested (individual channelsor ‘ALL’)

ActionID—default value of “View” (reserved for future use)

MediumID—default value of “Internet” (reserved for future use)

SubscriberIP—contains the originating IP address (reserved for futureuse)

©Copyright 2010 Time Warner Cable, Inc. All rights reserved.

The authorization request may also include the pre-assigned programmerGUID provided by the MSO 221 (discussed above), which is in oneembodiment, defined within the XML element structure.

Note that in one embodiment, the ResourceID element contains identifiersfor multiple resources supported by a programmer 204 (i.e., 1 thru Xchannels, or a request for ALL), thus reducing the number of individualauthorizations per subscriber. As will be discussed below, the MSO 221may then return a single response which provides individual decisionsfor each resource.

At step 808, when an authorization request is received, the SOA 208immediately interrogates the EIS 214 to validate that the subscriberGUID is active. If the subscriber GUID is not active, a message isreturned to the programmer 204 indicating that the programmer may retry(step 810) sending the authorization request.

If the subscriber GUID is active, the SOA 208 continues to process therequest for information. Per step 812, the SOA 208 determines thesubscriber identity. Acquisition of subscriber identity may includedetermining an associated division ID, billing system ID, etc.

At step 814, the SOA 208 begins collection of service details associatedto the subscriber including e.g., service level. The SOA 208 initiates aseries of requests to backend information management systems, or tolocal data caches within the MSO 221, for retrieval of service detailsafter the identity of the subscriber's account has been obtained fromthe EIS 214. The information collected is then compared to the requestto determine authorization at step 816.

If the service details match the requirements for the requested content,a “Permit” message is transmitted to the programmer 204 (step 818). Forexample, if the service details indicate that the subscriber iscurrently purchasing a premium level of service, and the requestedcontent is within the premium package, the subscriber will be permittedaccess to the content. The Permit message indicates that the subscriberwas found to have rights to the resource (i.e., active account andactive service). Accordingly, the content may be provided to thesubscriber (step 820).

At step 822, the programmer 204 may elect to set an entitlement cookieon the subscriber's browser after receiving a Permit decision from theMSO 221 (step 818). The entitlement cookie allows the subscriber to viewcontent from the programmer's site without requiring an additionalauthorization request to be issued, unless the cookie is cleared or thesubscriber uses a different device. While the user experience isheightened by establishing a cookie and eliminating delays in contentviewing when another authorization request is conducted, securityconcerns may be raised. For example, a risk of fraud through reuse ofthe cookie across a wider user community that is not subscribing to paidservices of the MSO 221 and/or the programmer 204 is increased.

However, it is noted that each authorization request has an expiry valuein the exemplary embodiment, and the programmer must adhere to the samevalue in the cookie, which is tested during certification. The defaultis 24-hours, but the value is configurable by the MSO based onResourceID. Reducing the expiry value can help reduce fraudpossibilities by requiring more frequent authorizations. In addition,the cookie is meant to be specific to a programmer and associatedresource (i.e., channel or brand), and not ubiquitous across programmersor other resources, thus, requiring the subscriber to login each time ifoutside the 15-minute authentication session and execution of anotherauthorization, regardless of within the 15-minute session, or ifaccounts are federated.

It is appreciated that, if a cookie is used, the cookie does not containthe subscriber GUID in order to protect the privacy of the subscriber.In other words, the GUID should not be persisted in the cookie. While anobfuscated value, the GUID is still permanently linked to thesubscriber's account under one embodiment of the authentication service.

In lieu of the cookie, the programmer 204 may elect instead to persistthe value of the last good authorization request for each subscriberwithin the programmer's 204 backoffice application(s). The storedauthorization request may be used for future subscriber requests withinfor example, a 24-hour period for the same content. Using thisembodiment, additional authorization requests for the same subscriber(and for the same content) are reduced. The programmer 204 may resort tothe stored authorization request as well as in the event of a failedauthorization from the MSO 221 indicating an “Indeterminate” response.As discussed elsewhere herein, an Indeterminate response indicates thatthe lookup to MSO 221 backend information systems failed to returnexpected results or timed out during the request.

The programmer 204 can reference the last successful authorization (asdiscussed above) when the subscriber terminates and reestablishes theirweb session. For example, if the content requested and associated lengthof time is within e.g., a 24-hour expiration window, then no furtherauthorizations are required. However, if the authorization is no longerwithin the 24-hour (or other predetermined length of time) expirationwindow for the requested content, then the programmer 204 is required toexecute another authorization, such as according to the method of FIG.8.

As noted previously, the aforementioned process can be used by theprogrammer 204 for authorizations that failed to produce any responsefrom the MSO 221, or for those which receive an Indeterminate response.In these situations, the programmer 204 may elect to default to the lastpositive authorization, and provide content to the Subscriber accordingto one or more policies for doing so, which are predetermined and agreedupon by the MSO 221 and programmer 204. For instance, the content may beprovided with copyright/DRM or other types of protection in order tolimit its distribution/copying. Or, the content may only be providedwith certain “trick mode” or Start-over type features (or lack thereof).

Referring again to FIG. 8, if the service details do not match therequirements for the requested content, a “Deny” message is transmittedto the programmer 204 (step 824). The Deny message indicates that thesubscriber was found not to have rights to the resource (e.g., they havean active account, but not an active service). If service is denied, theprogrammer 204 provides a pre-defined message to the subscriberindicating the reason; in one embodiment, the message may furtherinclude instructions or a link for online help to aid in resolving thedenial.

In some instances the MSO 221 may not be able to determine whether therequest for content and subscriber service details match. Accordingly,the MSO 221 may transmit a “Not Applicable” or an Indeterminate message.The Not Applicable message indicates that the SystemID, ResourceID,and/or SubscriberID are not configured, associated and/or recognized. Asdiscussed elsewhere herein, an Indeterminate response indicates that thelookup to MSO 221 backend information systems failed to return expectedresults or timed out during the request.

The decision table of Appendix I illustrates an exemplary mechanism forhow the service renders a decision, what should be logged to the SOAlogging system, and what reason should be returned to the programmerwith the rendered decision. Note that the numeric value in the “Reason”column of Appendix I may be returned in the reason field of the responseas discussed elsewhere herein. In one embodiment, the text in the“Reason Description” column is not returned as part of the serviceresponse.

In response to receiving the Not Applicable or an Indeterminate message,the programmer 204 may elect to automatically issue anotherauthorization request to the MSO 221 (i.e., retry) in an attempt toobtain a less ambiguous response (step 826). As noted above, in responseto an Indeterminate message, other methods for authorizing thesubscriber may be used, such as reverting to a previously authorizedrequest.

In many instances, a decision value of Indeterminate may be used toindicate that one or more pieces of information passed on the requestwere not recognized/provided, and are likely outdated and requireupdating, by either the programmer 204 or the MSO 221, if a differentresponse is to be expected.

The decision to use an automated retry process (step 826) is animplementation detail which is determined by both the MSO 221 and theprogrammer 204, including the amount of retries (i.e., number andfrequency) permissible. Generally, the method of FIG. 8 does not employa retry step where the decision value is Deny, since (1) data on asubscriber's account is static for e.g., a 24-hour period and unlikelyto change, and (2) continued delays in determining authorization(positive or negative) will frustrate the subscriber during theexperience. However, it such a retry step may be included if desired.

It is also noted that while authorization under the method of FIG. 8discusses evaluation of the service level or tier of the subscriber, theindividual channels to which a subscriber may have access may also beevaluated as the subscriber's service details (step 814). According tothis embodiment, any resource or channel falling within e.g., the MSO(for instance, cable) programming service tier (CPST) will qualify for aPermit response against a subscriber's account that is in an activestatus, and where service is purchased. In yet another embodiment, thestatus on the account (e.g., seasonal or non-pay) may also be evaluatedin addition to checking individual channels on a division-by-divisionbasis.

In one exemplary embodiment, the transmitted Permit, Deny, NotApplicable and Indeterminate messages received from the SOA 208 willeach contain the following information:

ResourceID—identifies the content being requested

Decision—identifies the authorization status (e.g., Permit, Deny,NotApplicable, Indeterminate) for each ResourceID provided in theauthorization request

Reason—identifies the reason for any Decision other than “Permit”

Expiration—contains W3C combined data/time UTC (e.g.,YYYY-MM-DDTHH:MM:SSZ)

©Copyright 2010 Time Warner Cable, Inc. All rights reserved.

Exemplary business rules which may be utilized to make decisions onwhether to send any of the aforementioned messages are illustrated inthe table of Appendix J.

It is also noted that rules or functional restrictions can be relayedfrom the MSO to the programmer 204 via messaging conducted pursuant to aparticular subscriber request, or alternatively can be pre-positionedwithin the programmer site as a rule set (i.e., every Gold subscriberrequest has Rule Set 1 applied, every Silver subscriber has Rule Set 2applied, and so forth). The former approach has the advantage of beingable to particularly tailor the rule(s) sent to the programmer 204 tothe individual subscriber (e.g., via the subscriber GUID, MAC address,or other unique information), yet necessitates extra messaging trafficand latency.

Additionally, the MSO 221 and/or programmer 204 may, throughout theauthorization process (FIG. 8) provide so-called “eye wash” to thesubscriber in the form of e.g., advertisements, co-branding messages,telescoping materials, audio, or other forms of streaming content toreduce “dead air”, thus enhancing the overall user experience.

Potential delays in the authorization process may be addressed bycausing the programmer to return the subscriber to the RelayState URLand start playing advertisements within their player while theauthorization completes. In many instances, advertisements are shownprior to displaying a requested video; therefore, pre-running theadvertisement would be consistent in the current user experience whilethe authorization is executed.

In the event a DENY response is returned, then the programmer can usethe opportunity to suggest an “up-sell” of MSO services and/or supply amessage to contact the MSO for additional information on how to accessonline content including telephone numbers and web site URLs.

Appendix K illustrates exemplary reason codes per MSO organizationalunit (e.g., per division). Each cell in the table represents thesubscriber message content to be returned for that reason for thatdivision(s). Although only the Greensboro (GSO) divisions areillustrated in the given table, it is appreciated that other divisionsmay use similar messages and/or reason codes (such as e.g., New YorkCity (NYC), Rochester (ROC), Syracuse (SYR), Charlotte (CLT), etc.). Thetable contains the values to be configured for development (DEV) andquality assurance (QA) environments. The development environment is usedfor the development of the authentication and authorizations services.The quality assurance environment is used for testing of theauthentication and authorizations services. For the authorizationservice, there are multiple QA environments used for functional,performance and regression testing as well as one used for externaltesting with programmers during the formal certification process(discussed above).

Various MSO 221 entities are responsible for working with the businessowners (or programmers) to determine values to be used in production.However, in the absence of explicit business input on production values,all divisions are configured to use the “Other” value listed in thetable.

Session Control—

Control of a subscriber's web session may be directed by the programmer204 in one embodiment (such as via the account linking or federationdiscussed above). Alternatively, the MSO 221 may control the web sessionby e.g., hosting all or part of content streamed by programmers 204,and/or both the MSO 221 and programmer 204 may provide controlmechanisms thereby allowing one or dual paths for subscriber access.

According to the linked or federated embodiment, the MSO 221 will onlyhave session awareness during the initial authentication process foraccount linking (see FIG. 5). Therefore, the programmer 204 isresponsible for session management fraud protection (limiting the numberof simultaneous sessions on the site) as long as the MSO 221 andprogrammer accounts for the particular subscriber remain linked.

Alternatively, if the programmer 204 relies on the MSO 221 to manage thelogin process (e.g., the non-federated approach of FIG. 6), then sessioncontrol is established through the MSO's identity provider server 218each time the subscriber elects to access protected content (e.g.,“guarded” behind the programmer's 204 firewall) where there is notalready an established session. If there is not an established session,the subscriber is redirected to the MSO's login page, where thesubscriber must establish a session (i.e., log in) before continuing asdescribed above; i.e., the aforementioned authentication andauthorization methods.

For either of the above described embodiments (linked and non-linkedaccounts), the programmer 204 is provided a pseudonym and GUID uponsuccessful login (i.e., at authentication). The GUID may then be usedfor authorization requests throughout the established session.

In one embodiment, the pseudonym is transient and only valid during thesession. It is the responsibility of the programmer 204 to destroy theinvalid pseudonym and information relating thereto, once the sessionexpiry time (or other condition, such as number of accesses) haselapsed, or when the programmer 204 detects that the subscriber hasexited the programmer's site or a restricted set of web pages. Inaddition, the programmer 204 may send an XHTML form that will POST tothe identity provider server 218 containing the following information:

-   -   LogoutRequest    -   Transient NameID pseudonym    -   Optionally—Session Index        -   ©Copyright 2010 Time Warner Cable, Inc. All rights reserved.            The identity provider server 218 processes the request, and            returns a XHTML form to the browser which is redirected to            the programmer 204 with the following elements:    -   LogoutResponse    -   Status        -   ©Copyright 2010 Time Warner Cable, Inc. All rights reserved.            The programmer 204 then displays to the subscriber a message            that the subscriber's session has terminated, and may            provide the subscriber with the ability to re-establish a            session (as desired).

It is appreciated that various metrics on the “user experience” may becollected and shared by both the MSO 221 and the programmer 204throughout each user session. The scope of the information gathered andrelated web analytics applied is defined by both the MSO 221 andprogrammer 204. For example, such metrics may include the time anestablished session lasts, the ratio of successful login attempts tototal login attempts, etc. Examples of authorization based metrics arelisted in the tables of FIG. 9.

Performance, Operational, and Security Requirements, Errors and Logging—

The performance requirements utilized with the exemplary embodiments ofthe invention address expected service response times and requiredtask-level accuracy. Exemplary performance requirements are illustratedin Appendices L-S. As defined therein, the requirements are onlymeasurable within the internal service boundaries.

Appendix L illustrates exemplary volume and speed requirements.

Appendix M illustrates exemplary reliability and availabilityrequirements.

Appendices N-O illustrate exemplary operational requirements; theoperational requirements describe the environment in which the servicewill exist. This table contains requirements on the physicalenvironment, hardware, software, communication interfaces and dataformats.

The table of Appendix P illustrates exemplary requirements related tothe security of the service. More specifically, this table providesdetails related to service access and the sensitivity of data processedby the service.

Exemplary requirements for logging, monitoring and alarming areillustrated in Appendix Q.

Sample SOA service summary logging reports are illustrated in AppendixR.

Appendix S illustrates exemplary disaster recovery requirements.

User Device—

Generally, the exemplary user devices useful with the present inventionwill include e.g., a network interface (including an interface foraccessing the Internet), a processor and associated storage, andoptionally a plurality of back end interfaces for communication withother devices. The user device can assume literally any discrete formfactor, including those adapted for settop/desktop, hand-held, orwall-mounted use, or alternatively may be integrated in whole or part(e.g., on a common functional basis) with other devices if desired.Additionally, the user device may include other elements and interfacessuch as for example an interface for the HomePlug A/V standard whichtransmits digital data over power lines, a PAN (e.g., 802.15),Bluetooth, or other short-range wireless interface for localized datacommunication, etc.

In one embodiment, the network interface receives content and/or datavia one or more RF tuners configured to receive content from an HFCnetwork 101. The RF tuner(s) may comprise traditional video RF tuner(s)adapted to receive video signals over, e.g., a QAM. For example, the RFtuner(s) may comprise one or more tuners, a demodulator, decryptionmodule, and demultiplexer of the type well known in the art, althoughother configurations may be used. A wideband tuner arrangement such asthat described in co-owned and co-pending U.S. patent application Ser.No. 11/013,671 entitled “METHOD AND APPARATUS FOR WIDEBAND DISTRIBUTIONOF CONTENT” filed Dec. 15, 2004 and incorporated herein by reference inits entirety, may also be utilized, such as where the content associatedwith one or more program streams is distributed across two or more QAMs.Additionally, the RF tuner(s) may incorporate functionality to modulate,encrypt/multiplex as required, and transmit digital information forreceipt by upstream entities such as the CMTS.

Alternatively, the network interface may comprise any other means forreceiving content from a network. Digital data received via the networkinterface may include for example MPEG-2 encoded programming data thatis forwarded to a television monitor via a video interface. Programmingdata may also be stored on the storage unit for later distribution byway of the video interface, or using a Wi-Fi interface, Ethernetinterface, FireWire (IEEE Std 1394), USB/USB2, or any number of othersuch options.

Programming and other types of data including pictures, video, music orMP3 files, software applications, metadata files, etc. may also bereceived by way of the various digital interfaces in the user device.These data may be stored locally (e.g., in the storage unit) or even ona device or network agent in communication with the user device, forlater use by a user as is discussed in co-owned co-pending U.S. patentapplication Ser. No. 11/378,129 entitled “METHODS AND APPARATUS FORCENTRALIZED CONTENT AND DATA DELIVERY”, previously incorporated herein.

During operation of the user device, a client application (located inthe storage unit) is run on the microprocessor. The client applicationfollows appropriate protocol for sending requests for content andreceiving requested content as well as for providing additionalinformation to the network to facilitate authentication andauthorization (discussed above) by providing information regarding thesubscriber/user and/or device to the network entities discussed above.For example, the client application may provide subscriber accountinformation upstream in order for the EIS 217, SOA 208, and otherentities to identify the subscriber and provide content based on what isknown (at the MSO 221) about the subscriber.

While the foregoing embodiments of the invention have been describedprimarily with respect to the network-side elements (i.e., programmersite 204, MSO, etc.), it will be appreciated that other implementationsof the invention may utilize a specially adapted CPE or client device(e.g., PMD) used by the subscriber in generating the request forprotected content. For example, the CPE or client software applicationor stack component may obtain and format request messages or othermessages (e.g., logins) for certain programmer sites according to aprescribed configuration. In one such implementation, a subscriberaccesses a designated programmer website, wherein the website passes thesubscriber its programmer GUID or other identifying information. Theclient application then uses this information to recognize the site as“MSO affiliated”, and thereby necessarily being compliant with theaforementioned protocols and EDL. The client application then formatsand requests for protected content or other messages between thesubscriber device and that website according to the EDL, such as byincluding MAC address, subscriber GUID, etc. In this fashion, thewebsite is relieved of some of the burden of such formatting, and one ormore subsequent messages between the two entities may be obviated (i.e.,the website does not have to go back and ask the client device for eachrequisite piece of information it requires to process the subscriber'srequest). In order to address privacy and security concerns with thismodel, it is appreciated that in one embodiment, authentication andauthorization interfaces may be created with additional contentmanagement systems (CMS) entities including utilization of this modelwhere data is stored more securely at a server.

In another embodiment, the various restrictions (if any) to theprovision of content to a user at a display or rendering deviceassociated with the user device are determined by the device (e.g., CPE106, PMD 107, etc.) itself, as discussed in co-owned, co-pending U.S.patent application Ser. No. 12/716,131 filed on Mar. 2, 2010 andentitled “APPARATUS AND METHODS FOR RIGHTS-MANAGED CONTENT AND DATADELIVERY”, which is incorporated herein by reference in its entirety. Asdiscussed therein, a downloadable or transferable rights profile coupledwith a “smart” media player application are given. The rights profilecontains information regarding the specific rights of a device and/or asubscriber to access content. It is via the rights profile that thedevice (via the media player and its associated rights managementapplication) determines whether to provide content to a subscriber,and/or what restrictions or privileges to apply. Hence, in the presentcontext, the MSO (e.g., CLA 207) might generate a rights profile andpass this profile (or information indicating which of a plurality ofpre-positioned profiles to apply) to the programmer 204 for transmissionto the smart media player on the client device.

In addition, the client application may be configured to collectinformation regarding the user's actions with respect to content, andpass this upstream (whether to the programmer or the MSO). For example,the client application may record button presses, playback events, trickmode events, etc. and pass this information to MSO 221 entities whichmay use the information to make various business decisions includinge.g., secondary content insertion decisions.

Methods and apparatus for providing such secondary content insertion maybe of the type discussed in co-owned, co-pending U.S. patent applicationSer. No. 11/441,476 filed on May 24, 2006 and entitled “SECONDARYCONTENT INSERTION APPARATUS AND METHODS”, which is incorporated hereinby reference in its entirety, and may be utilized to provide dynamicsecondary content insertion (e.g., replacement of dated orgeographically inappropriate advertisements or promotions), and therebyallow the MSO or other network operator to adjust the secondary contentto make it more applicable to the remote user's context (e.g., location,hardware/software environment, date/time, etc.). Additionally, theapparatus and methods discussed in co-owned, co-pending U.S. patentapplication Ser. No. 11/198,620 filed on Aug. 4, 2005 and entitled“METHOD AND APPARATUS FOR CONTEXT-SPECIFIC CONTENT DELIVERY”, which isincorporated herein by reference in its entirety, may be utilizedconsistent with the present invention. As discussed therein,contextually-related “secondary” content (e.g., advertising messages,useful informational links, etc.) may be provided in association withother primary content selected by the user.

While there are no limitations on the user devices in reference to theauthentication and authorization services discussed herein, in oneembodiment, the devices may include an operating system (e.g., Windows2000, Windows XP, Windows Vista, Windows 7, Mac OS X 10.2 “Jaguar”, 10.3“Leopard”, 10.4 “Tiger”), RAM (e.g., 128 MB or 512 MB), video card(e.g., 32 MB or 128 MB), Internet browser (e.g., Internet Explorer 5.5(or higher), or Firefox/Mozilla 1.5 (or higher)), Internet broadbandConnection, and media player application (e.g., Adobe Flash or similar).

It is further noted that power line-based Internet adapters and otherwireless technology such as Wi-Fi, Bluetooth and wireless data cards maybe used consistent with the exemplary embodiment as long as they cansupport the proper download speeds necessary to render video play at anacceptable user level (i.e., not causing jerkiness, freezing, dropout,pixilation, etc.).

Anonymity—

As noted above, certain data (including collected data, etc.) may beparticular to or identified with a particular subscriber, user, or userdevice. Accordingly, such data may, in addition to being obfuscated asdescribed above, also be anonymized by inter alia, the use of acryptographic hash to protect the privacy of the identified subscriber,user, and/or device. In one embodiment, the techniques for providinganonymity utilizing a cryptographic hash described in U.S. patentapplication Ser. No. 11/186,452 filed Jul. 20, 2005 and entitled “METHODAND APPARATUS FOR BOUNDARY-BASED NETWORK OPERATION”, which isincorporated herein by reference in its entirety, may be utilized inconjunction with the present invention. As disclosed therein, theidentity of a subscriber device or subscriber is anonymized by using acryptographic hash coupled with an optional “opaque” variable whichcarries information relating to the subscriber device of the hash withwhich it is associated. The hash and opaque variable frustratede-encryption or reverse-engineering of the individual subscriber'sidentity or specific location. Alternative methods of providinganonymization may also be utilized consistent with the presentinvention.

While complete anonymization (i.e., there is no way of tracing oridentifying the source) is generally not applicable to information whichmust be used to uniquely identify an individual and/or device, partialanonymization such as that described above is readily used with thepresent invention. For example, it may be desirable to perform a one-wayhash of a user's IP address or MAC address so that someonesurreptitiously obtaining the information cannot determine the sourcedata (actual address), but the hash algorithm produces a knowndeterministic result with the same “seed”, and hence the hash output canbe used to uniquely identify a given user/device, such as by matchingthat hashed output with known outputs from the same algorithmcorresponding to existing subscribers/devices. This hashing is to bedistinguished from encryption, wherein the original source data(address) can in fact be recovered and read when the encrypted data isdecrypted (such as via a public/private encryption key pair).

Business/Operational Decision Engine—

In another aspect of the invention, a so-called “decision” engine may bedisposed at e.g., the SOA 208, EIS 217, CLA 207, identity provider 218,content server 203, CPE 106, or other location (e.g., rendered as one ormore computer programs disposed thereon). This engine comprises, in anexemplary embodiment, one or more software routines adapted to controlthe authentication/authorization and content delivery processes in orderto achieve one or more goals relating to operations or business (e.g.,profit or revenue or subscriber retention). Included within these areasare network optimization and reliability goals, increased maintenanceintervals, increased subscriber or user satisfaction/longevity,increased subscription base, higher profit (e.g., from increasedadvertising revenues, more subscriber “views” of given content, greaterflexibility in the types and locations of platforms from which thesubscriber may access content, and so forth).

These decision rules may comprise a separate entity or process, and mayalso be fully integrated within other processing entities (such as theapplications running on the aforementioned entities and/or the clientapplication), and controlled via e.g., a GUI displayed on a deviceconnected to the relevant server, network entity, or even CPE. Ineffect, the rules engine comprises a supervisory entity which monitorsand selectively controls content access and delivery operation at ahigher level, so as to implement desired operational or business rules.The decision engine can be considered an overlay of sorts to the morefundamental algorithms used to accomplish required network operation,such as IP address assignment, secondary content selection andinsertion, statistical multiplexing, BSA switching, and so forth.

For example, the SOA 208, EIS 217, CLA 207, identity provider 218,content server 203, CPE 106 may invoke certain operational protocols ordecision processes based on information or requests received from theCPE 106 or PMD 107, conditions existing within the network, demographicdata, geographic data, etc. However, these processes may not always becompatible with higher-level business or operational goals, such asmaximizing profit or system reliability. Hence, when imposed, thebusiness/operational rules can be used to dynamically (or manually)control access to and delivery of content. The decision rules may be,e.g., operational or business-oriented in nature, and may also beapplied selectively in terms of time of day, duration, specific localareas, or even at the individual user level (e.g., via specificidentification of the CPE or client device via TUNER_ID, IP address, MACaddress, or the like, or via a user-based login or “entitlements”profile of the type previously described herein).

For example, one decision rule implemented by the decision engine maycomprise providing protected content from the third party (e.g.,programmer 204) according to a tiered system. Content under such anapproach might be selected in part on the revenue such delivery willbring to the MSO based on the content source.

In another variant, the use rights or features provided with therequested (protected) content may be varied as a function of e.g.,subscriber subscription level, time of day, requesting devicecapability, etc. For instance, a request received from a premium levelof “Gold” subscriber might be serviced with a content stream thatincludes complete “trick mode” functionality (i.e., FF, REW, Pause,etc.), or for broadcasts a “start over” functionality, whereas a lowertier subscriber's request might not include one or any of thesecapabilities. The number of plays can be limited as well; e.g., Goldsubscribers receive unlimited plays, while lower tiers receive only oneor a finite number of plays of the content. As noted above, these rulesor functional restrictions can be relayed from the MSO to the programmer204 via messaging conducted pursuant to a particular subscriber request,or alternatively can be pre-positioned within the programmer site as adecision rule set.

Moreover, the quality of content provided can be varied as needed ordesired. For instance, use of different encodings or bitrates (e.g., HDversus SD), QoS parameters, latency, etc. can be employed depending onthe subscriber (individually), the general classification of thesubscriber (e.g., Gold), time of day, available resources,revenue/profit implications of each option, etc.

Secondary content (e.g., advertisements, promotions, featured links,etc.) insertion decisions may also be governed by thesebusiness/operational rules, as previously noted.

It will also be recognized that both the MSO and the third party (e.g.,programmer) may employ different business or operation decision rules toone another. For example, the MSO might establish preferential rules orclasses for the various programmers, such that service provided to thesedifferent programmers is differentiated in some fashion. In one suchcase, those programmers paying the MSO a fee, or with which the MSO hasa pre-existing business relationship, may be given preferential serviceand capabilities.

The MSO and/or programmer may also structure a business relationshipwhereby one “pays” the other via some sort of consideration forservicing of requests. For example, an MSO might pay a given programmer$X for each valid MSO subscriber request serviced by the programmer,since the MSO is in effect leveraging the programmer's infrastructure toextend the reach of its capabilities for the MSO customers (i.e.,extension of the “four any's” model described in co-owned U.S.Provisional Application Ser. No. 61/256,903 entitled “METHODS ANDAPPARATUS FOR PACKETIZED CONTENT DELIVERY OVER A CONTENT DELIVERYNETWORK” previously incorporated herein. Conversely, the programmermight pay the MSO consideration for each MSO subscriber requestserviced, or an advertisement click-through basis, etc. in that if theMSO instructs its subscribers to use the programmer's sitepreferentially over others, this may generate additional revenue (suchas via the aforementioned click-throughs) for the programmer or itsadvertisers.

In one embodiment, the so called “Roadrunner Video Channel” or“Symphoni™ Online” products of Assignee hereof may use theauthentication/authorization applications. Under this model the MSO canconduct its own regional or localized advertising as part of programmeringested content or outside, including eventually targetedpersonalization of advertisements based on user demographics and viewingheuristics. This includes e.g., click-through to advertiser's web sitesthat can be monitored via web analytics for monetary remittance orcollection.

Many other approaches and combinations of various operational andbusiness paradigms are envisaged consistent with the invention, as willbe recognized by those of ordinary skill when provided this disclosure.

It will be recognized that while certain aspects of the invention aredescribed in terms of a specific sequence of steps of a method, thesedescriptions are only illustrative of the broader methods of theinvention, and may be modified as required by the particularapplication. Certain steps may be rendered unnecessary or optional undercertain circumstances. Additionally, certain steps or functionality maybe added to the disclosed embodiments, or the order of performance oftwo or more steps permuted. All such variations are considered to beencompassed within the invention disclosed and claimed herein.

While the above detailed description has shown, described, and pointedout novel features of the invention as applied to various embodiments,it will be understood that various omissions, substitutions, and changesin the form and details of the device or process illustrated may be madeby those skilled in the art without departing from the invention. Theforegoing description is of the best mode presently contemplated ofcarrying out the invention. This description is in no way meant to belimiting, but rather should be taken as illustrative of the generalprinciples of the invention. The scope of the invention should bedetermined with reference to the claims.

APPENDIX A © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Table Column Description/purpose Note Element Name English Name of theelement being described Tag Proposed Tag Name Tag Names should meet theMSO SOA Standard Naming Conventions for XML element names. It isexpected that XML Name Spaces are unique within a service definitionDescription Description of the XML Element Description should allow thereader enough detail to understand the use of the Element beingdescribed Cardinality The minimum number of times the XML 4. This tagmust occur 1 and only 1 Element can exist in the XSD. Example: times 4.1 2. Tag may occur 0 or 1 times but must not 2. 0 . . . 1 occur morethan one times 3. 1 . . . 2 3. Tag may occur once or twice but not lessthan once or more than twice Valid Values The valid values acceptable inthe “N/A”, any value meeting Min Element being described. Length/MaxLength and Type rules will be accepted List = XSD and/or service willenforce validation (Example: List is Y, N the XSD or the service willvalidate that the value provided in the Element is either a “Y” or an“N”) “NULL”, included in the List when a value in the list is Optional(Example: 1, 2, 3, NULL). Type Represents the type of Element and/or theString - string data type data type of the Element Decimal - decimaldata type Integer - integer data type Date - Date data type, to conformto W3C data standard formatting Time - ?? Etc . . . . (Note - additionalelement Types may be included, based on XML standards) Size Minimum andMaximum length of the “UNL”, the value has no upper limit value acceptedin the Element “n-nn”, the value has “n” as Min value and “-nn” as Maxvalue. Ex: 1-9, the value has Min value of 1 and Max value of 9.Conditionality 4. Optional 4. Field may or may not be present, 2.Required no validation 3. Conditional required 4. Prohibited 2. Tag mustbe present Designates if field is Optional, Required, 3. Tag must bepresent under specified or Conditional (required under specifiedconditions (If Customer Type = B) conditions). 4. Tag is prohibitedDefault The default value of the Element value Format Mask The formatmask of the Element value

APPENDIX B © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Data Format Element Description Tag Cardinality Type Size ConditionalityValid Values Default Mask Subject 1 . . . 1 SubscriberID The Subscriber0 . . . 1 String Conditional, Subscriber ID Required if GUID DivitionId+(provided Account Number to the are not specified. programmer throughEIS prior to calling this service) DivisionId The MSO DivisionID 0 . . .1 String Conditional, BPS Division the Required if Style Subscriber isSubscriberId not DivisionId - associated specified, Will be e.g. withignored if GSO.056 SubscriberID is specified. AccountNumber TheAccountNumber 0 . . . 1 String Conditional, Subscribers Required ifBilling SubscriberId not Account specified, Number Will be ignored ifSubscriberID is specified. Resource 1 . . . 1 ResourceID The ResourceID1 . . . m String Required “ALL” or a ResourceID specific set of the ofvalues Resource negotiated to check for with each EntitlementProgrammer. or the special These values value “ALL” will be to check forspecified entitlement in each on all programmers resources ICDassociated (Interface with their Control programmer. Document) Action 1. . . 1 ActionID The action ActionID 1 . . . 1 String Required “View*”the (The value Entitlement View may check is be followed requested to byany check number of characters of text) Environment 1 . . . 1 MediumIDThe MediumID 1 . . . 1 String Required “Internet” Environment the Actionwill be taken in SubscriberIP The IP Subscriber 0 . . . 1 StringConditional IPV4 address of IP (Required if address The MediumID =format Subscriber Internet)

APPENDIX C © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Column Meaning Content Intent (Validation) Cardinality How many times atag can (or 1. 1 1. This tag must occur 1 must) occur. Causes 2. 0 . . .1 and only 1 times error 2020 3. 1 . . . 2 2. Tag may occur 0 or 1 timesbut must not occur more than one times 3. Tag may occur once or twicebut not less than once or more than twice Type The data type of the tagcontent. String - string data type 1. Must be of type string (no realvalidation Causes error 2021 Decimal - decimal data type to do aseverything qualifies) Integer - integer data type 2. Date data type mustconform to W3C Date - Date data type, to conform tom data standardformatting. W3C data Standard formatting Time - time reference Etc . . .. (Note - additional element Types may be included, based on XMLstandards) Size Minimum and Maximum length n-nn “UNL”, the value has noupper limit of the value accepted in the “n-nn”, the value has “n” asMin value Element and “-nn” as Max value. Ex: 1-9, the value has Minvalue of 1 and Max value of 9. Conditionality Designates if field isOptional, 1. Optional 1. Field may or may not be present, no Required,Prohibited or 2. Required validation required Conditional specifiedconditions. 3. Conditional 2. Tag must be present Causes errors 2001 or2023 4. Prohibited 3. Tag must be present under specified conditions (IfCustomer Type = B) Valid Values If a field has a small set of 1. 1.0Enumerated values, all of the 2. Mr., Ms., valid values are specified.Mrs. Causes error 2024 3. B, R Format Must follow the specified (###)###-#### Must be of the specified format format. Causes error 2025

APPENDIX D © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Req. Num Requirement Comments FR-0005 If the ResourceID “ALL” isspecified it should be the one an only ResourceID specified or therequest should be rejected.

APPENDIX E © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Format Data Element Description Tag Cardinality Type Size ConditionalityValid Values Default Mask Authorization 1 . . . m (1 per ResourceID)ResourceID 1 . . . 1 String Required A specific set of values negotiatedwith each Programmer. These values will be specified in each programmersICD (Interface Control Document) Decision 1 . . . 1 String Required“Permit”, “Deny”, “Not Applicable”, “Indeterminate” Reason 0 . . . 1String Optional SubscriberMessage 0 . . . 1 String Optional Expiration 0. . . 1 String Conditional W3C Combined YYYY- (Required if Date/Time UTCMMDDT Decision = (Zulu) HH: “Permit”) MM:SSZ

APPENDIX F © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Req. Num Requirement Comments FR-0010 For each valid ResourceID, theService must respond with a The request was successfully processed andthe decision of “Permit” if the request was successfully validatedsubscriber should be granted access to the resource and processed end toend without error and the service through the specified expiry withoutfurther entitlement unequivocally determined that the subscriber shouldhave the requests. right to perform the requested action via thespecified medium on the specified resource. FR-0020 For each validResourceID, the Service must respond with a The request was successfullyprocessed and the decision of “Deny” if the request was successfullyvalidated and subscriber should not be granted access to the resource.processed end to end without error and the service This decision isbased on dynamic information so an unequivocally determined that thesubscriber should not have identical request in the future may result ina different the right to perform the requested action via the specifieddecision. medium on the specified resource. FR-0030 Expiry must bereturned for Permit responses and should be calculated as system time +a configurable amount of time based on external resource ID. FR-0040 EISmay return mixed case DivisionID's so they must be converted to uppercase prior to any further processing FR-0050 The Programmer must displayto the subscriber any content returned in the SubscriberMessage. Theprogrammer may not use any data retuned in the SubscriberMessage for anyreason other than displaying it to a subscriber.

APPENDIX G © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Req. Num Requirement Comments ER-0010 The service must implement anyglobal validation rules (as Refer to SOA Error Handling Guidelinesoutlined in section 2.2 or SOA Error Guidelines) based on the Requestand Response tables in this FRD ER-0030 The service must be designed andbuilt according to the Refer to Standardized Contract GuidelinesStandard Contract Guidelines when using the MSO SOA Environment. ER-0040The components providing this service must log Messages Refer to SOALogging Guidelines and Exceptions according to the guidelines outlinedin the SOA Logging Standards in the MSO SOA Environment ER-0050 For eachResourceID, the Service must respond with a The request was notsuccessfully processed decision of “Not Applicable” if the request couldnot be because one or more values in the request were successfullyvalidated because an unknown ResourceID or invalid. This indicates avalue passed by the SubscriberID was provided or if a ResoureeID wasprogrammer was not recognized and the] specified that was not associatedwith the specified programmer needs to take steps to correct thisProgrammer (SystemID) before issuing a revised request. ER-0060 For eachvalid ResourceID, the Service must respond with a The validated requestwas not successfully decision of “Indeterminate” if the successfullyvalidated processed due to a MSO system error. MSO request could not besuccessfully processed due to a system operation will be alerted tothese so normal error during the end to end process of the service.operations can be restored. A programmer can periodically retry arequest receiving this response.

APPENDIX H © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Code Message Notes 2000 Validation Exception: <details of exception>Request not executed due to a violation or violations of business rulesfor a request. This error is only issued for validation errors notenumerated in the remaining 2000 series errors below. 2001 MissingRequired Field: <Field> This should only occur when a blank value isspecified for a required field. This is enough to get by the WSDL whichonly checks length, but the adapter will trim blanks before testinglength. 2002 More than one wildcard in request: <fieldname Issued inSearchForAccountBySet when more than one wildcard (“*”) is used in awith request. wildcards> 2003 Invalid Range in Request Field, beginningof Used in multiple services when a range is not of the format<low>-<high> range must be less than or equal to end of range:<tag:range> 2004 DivisionID Not Found: <DivisionId> Used when acomponent does not recognize a DivisionID 2005 Maximum Return Rows mustbe greater than zero Used in Search for Account by set whenMaxReturnRows = blank or zero 2006 Wildcard must be in last Used insearch for account by set when a wildcard (“*”) is in any other positionbut the position: <fieldvalue> end/last of a field. 2007 No SearchParameters Provided Used in search for account by Set when none of thesearch fields have search criteria in them. 2008 Invalid Value forRequest Field: <tag:value> Used when an invalid value is detected in afield 2009 Invalid Search Combination: <explanation> Used inSearchForAccountBy set and RetrieveStatementLedger when an invalidcombination of search criteria is used. 2010 Multiple wildcard searchesnot allowed. Used in SearchForAccountBySet when wildcard (“*”) isspecified in more than one search field. 2011 Missing Conditional Field:<tag:condition> Used to indicate that a conditional field is requireddue to some condition but that there is no tag for that field or thereis no data content for the tag. 2012 IBS Type invalid for destinationIBS Used by Conductor if IbsType = ICOMS and the DivisionId indicates anACP division as the destination or IbsType = ACP and the DivisionIdindicates an ICOMS division 2013 Invalid IBS Type: <tag:value> Used byconductor if IbsType<>ICOMS or ACP 2014 Element to replace not found:<element> Used by Conductor when the field it is supposed to replacewith a value in a subsequent service call is not present (therefore itcan not do the substitution) 2015 Multiple values for element to replacefound: Used by Conductor when there are multiple instances of the fieldit is supposed to <Element>:<Values> replace with a value in asubsequent service call (therefore it can not do the substitution) 2016Syntax error in request: <error> Used by Conductor when it detects asyntax error in the request it is processing (therefore it can notprocess the request). 2017 Invalid Content for Tag: <tag:content> Usedby Conductor when it detects an invalid value for the content of afield. 2018 Conditional Cardinality Used to indicate a conditionalcardinality violation. Static violations will be handled by violation:<tag:value:condition> WSDLs but where this validation is conditionalbased on complex business rules or in downstream components, this errorwould indicate the validation error. 2020 Conditional Type Used toindicate a conditional type violation. Static violations will be handledby Violation: <tag:type:condition> WSDLs but where this validation isconditional based on complex business rules or in downstream components,this error would indicate the validation error. 2021 Conditional LengthViolation.: Used to indicate a conditional type violation. Staticviolations will be handled by <tag:length:condition> WSDLs but wherethis validation is conditional based on complex business rules or indownstream components, this error would indicate the validation error.2022 Conditional Length Violation.: Used to indicate a conditionallength violation. Static violations will be handled by<tag:length:condition> WSDLs but where this validation is conditionalbased on complex business rules or in downstream components, this errorwould indicate the validation error. 2024 Conditional Valid Value Usedto indicate a conditional value violation. Static violations will behandled by Violation: <tag:value:condition> WSDLs but where thisvalidation is conditional based on complex business rules or indownstream components, this error would indicate the validation error.2025 Conditional Format Used to indicate a conditional format violation.Static violations will be handled by Violation: <tag:value:condition>WSDLs but where this validation is conditional based on complex businessrules or in downstream components, this error would indicate thevalidation error. 2026 Business Rule Violation: <tag:value:rule> Used toindicate a complex business rule violation. Static violations will behandled by WSDLs but where this validation is conditional based oncomplex business rules or in downstream components, this error wouldindicate the validation error. 2028 Service Temporarily Disabled:<service> Used to indicate that a service could not be executed becausethe entire service has been temporarily disabled via SOA configuration.Note if there is more than one reason a service could not be executed,all reasons should be returned. 2029 Division Temporarily Disabled:<division> Used to indicate that a service could not be executed becausethe entire destination division has been disabled via SOA configuration.Note if there is more than one reason a service could not be executed,all reasons should be returned. 2030 Constituent Temporarily Disabled:Used to indicate that a service could not be executed because thisconstituent has been <constituent> disabled via SOA configuration. Noteif there is more than one reason a service could not be executed, allreasons should be returned. 2031 Constituent:service:divisioncombination Used to indicate that a service could not be executedbecause this combination of temporarily disabled:Service/Constituent/Division has been temporarily disabled via SOAconfiguration. <constituent:service:division> Note if there is more thanone reason a service could not be executed, all reasons should bereturned. 2032 Service not configured Used to indicate that a servicecould not be executed because the entire service has not been authorizedvia SOA configuration. Note if there is more than one reason a servicecould not be executed, all reasons should be returned. 2033 Division notconfigured Used to indicate that a service could not be executed becausethe entire destination division has not been authorized via SOAconfiguration. Note if there is more than one reason a service could notbe executed, all reasons should be returned. 2034 Constituent notconfigured Used to indicate that a service could not be executed becausethis constituent has been not been authorized via SOA configuration.Note if there is more than one reason a service could not be executed,all reasons should be returned. 2035 Constituent:service:divisioncombination not Used to indicate that a service could not be executedbecause this combination of configured: <constituent:service:Division>Service/Constituent/Division has not been authorized via SOAconfiguration. Note if there is more than one reason a service could notbe executed, all reasons should be returned. 2040 API Not Supported:<BosslApiName> Used by RadBossl service when the requested BOSSL API isnot in the configurable list of authorized APIs 2042 ValidationException, request exceeded Used by RadBossl service when the requestedBOSSL API exceeds the configurable maximum allowed duration: <duration>maximum duration. 2043 Retrieval by MAC address not supported yet Usedby services who's WSDL's have been updated to accept MAC address inaddition to Account# but who's adapters have not yet been updated toaccept MAC address 2044 Fraud Detection Alert - Too many Indicates toomany calls from too many locations in a given period of time. Whileactive requests: originally developed for QueryEntitlement it could beuseable for other services in the<Service:MaxRequests:Duration:Sessions:IP> future. e.g. Fraud DetectionAlert - Too many active requests: QueryEntitlement: MaxRequests = 20:Duration = 2 hours: 51 Requests: RequestIp = 1.2.4.4

APPENDIX I © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Decision Condition SOA Logging Reason Reason Description ProgrammerExpectation Permit The QE service executed Routine success logging 0000The programmer will permit the end to end with no system errors with noexceptions subscriber to begin access to the and the subscriber wasfound to specified resource at any time have rights to the Resourcethrough the EXPIRY and display to (Archive account and active thesubscriber any service) SubscriberMessage returned whenever a subscriberattempts to access that resource. Deny The QE service executed end toRoutine success logging 0001 Not subscribed to The programmer will denythe end with no system errors and the with no exceptions view content.Please subscriber access to the specified subscriber was found to NOThave contact MSO to find resource at any time through the rights to theResource (Active out further details EXPIRY and display to the Accountbut not Active service) for accessing on-line subscriber anySubscriberMessage programming returned whenever a subscriber attempts toaccess that resource. Deny The QE service received requests SOAException log 2044 - 0002 Too many active The programmer will deny thefrom too many unique IP addresses Fraud Detection Alert - viewinglocations. subscriber access to the specified for a particularsubscriber Too many active There have been resource at any time throughthe (configurable) within a period of requests: WW requests from EXPIRYand display to the time (configurable). If in the last XQueryEntitlement: unique locations in subscriber any SubscriberMessagehours there were more than Y QE MaxRequests = 20: the past XX hoursreturned whenever a subscriber requests for this Subscriber withDuration = 2 hours: 51 and only YY attempts to access that resource.unique SubscriberIPs then DENY Requests: RequestIp = requests are allrequested ResourceIds 1.2.3.4 permitted. Please ensure your logincredentials are secure. Not If friendly rollout feature is turned SOAException log 2024 0003 This system is The programmer will deny theApplicable on for the programmer and the Conditional Valid Valuecurrently in TRIAL subscriber access to the specified subscriber is notin the Violation: <Subscriber: with a limited resource at any timethrough the list of friendlies for that xxx number of specific EXPIRYand display to the programmer the service should not part of FriendlySubscribers. Your subscriber any SubscriberMessage respond in this wayRollout ID was not in the returned whenever a subscriber Group) listselected for this attempts to access that resource. trial. The system isThe programmer will deny the currently in Market subscriber access tothe specified Not If the MarketTrial feature is turned SOA Exception Log0004 Trial limited to resource at any time through the Applicable on forthe service and the division 2029 - particular markets EXPIRY anddisplay to the has not been configured for the Division Temporarily andthe subscriber subscriber any SubscriberMessage service the serviceshould respond Disabled: <division> was not within a returned whenever asubscriber in this way. TRIAL Market. attempts to access that resource.NotApplicable The QE service passed a SystemID SOA Exception log 20240005 SystemID not The programmer will deny the that was not configured.Conditional Valid Value Recognized subscriber access to the specifiedViolation: resource at any time through the <tag:value:condition> EXPIRYand display to the subscriber any SubscriberMessage returned whenever asubscriber attempts to access that resource. As this is likely aconfiguration issue between the programmer and MSO, they will opentrouble tickets and work to resolve the configuration issue.NotApplicable The QE service passed a SOA Exception log 2024 0006ResourceID not The programmer will deny the ResourceID that was notConditional Valid Value Recognized subscriber access to the specifiedconfigured. Violation: resource at any time through the<tag:value:condition> EXPIRY and display to the subscriber anySubscriberMessage returned whenever a subscriber attempts to access thatresource. As this is likely a configuration issue programmer and MSO,they will open trouble tickets and work to resolve the configurationissue. NotApplicable The QE service passed a Routine success logging0007 SubscriberID not The programmer will deny the SubscriberID that waswith no exceptions Recognized subscriber access to the specified invalidor not found in resource at any time through the EIS or Billing Systemor EXPIRY and display to the not Active in the billing subscriber anySubscriberMessage system returned whenever a subscriber attempts toaccess that resource. This means the SubscriberID is no longer valid andthat the programmer should have the subscriber re- authenticate with MSO(and in the case of a federated identity, remove that federation untilthe subscriber re- authenticates and re-federates) It is possible thatthis entity is no longer a subscriber and will not be able tore-authenticate/re-federate) NotApplicable The QE service passed aRoutine success logging 0008 Account not The programmer will deny theDivisionID and with no exceptions Recognized subscriber access to thespecified AccountNumber that resource at any time through the wasinvalid or not found EXPIRY and display to the in SOA or Billingsubscriber any SubscriberMessage System or not Active in returnedwhenever a subscriber the billing system attempts to access thatresource. This means the SubscriberID is no longer valid and that theprogrammer should have the subscriber re- authenticate with MSO (and inthe case of a federated identity, remove that federation until thesubscriber re- authenticates and re-federates) It is possible that thisentity is no longer a subscriber and will not be able tore-authenticate/re-federate) NotApplicable The QE service passed a SOAException log 2024 0009 ResourceID not The programmer will deny theResourceID that was not Conditional Valid Value associated withsubscriber access to the specified Associated with the SystemIDViolation: SystemID resource at any time through the<tag:value:condition> EXPIRY and display to the subscriber anySubscriberMessage returned whenever a subscriber attempts to access thatresource. As this is likely a configuration issue between the programmerand MSO, they will open trouble tickets and work to resolve theconfiguration issue. NotApplicable The QE service passed a 2020Conditional 0010 Only one The programmer will deny the ResourceID of“ALL” Cardinality ResourceID may be subscriber access to the specifiedand one or more violation: <tag:value:Only specified when resource atany time through the additional ResourceID's one ResourceID may be usingEXPIRY and display to the specified when using ALL subscriber anySubscriberMessage ALL> returned whenever a subscriber attempts to accessthat resource. As this is likely a configuration or code issue betweenthe programmer and MSO, they will open trouble tickets and work toresolve the issue. NotApplicable Any 2000 series SOA Standard SOA error0011 Standard SOA error The programmer will deny the error notexplicitly logging message sent to subscriber access to the specifiedaddressed above SOA log. E.g. resource at any time through the “2033 -Validation EXPIRY and display to the Exception - Division subscriber anySubscriberMessage not configured: returned whenever a subscriberGSO.056” attempts to access that resource. As this is likely aconfiguration or code issue between the programmer and MSO, they willopen trouble tickets and work to resolve the issue. Indeterminate QEcall to EIS failed or SOA Exception log 4024 - 0012 Unable to completeThe programmer will either DENY timed out EIS Call Failure:authorization access to the subscriber and display<apiName:apiREsponse>) request at this time, to the subscriber anyplease try again SubscriberMessage Returned OR The later. programmer mayuse a cached Authorization response for this subscriber for thisresource for this IP address that had a response other thanIndeterminate and has expired within the last 30 days to determineAuthorization. As this is likely a temporary system outage on MSO's parta new authorization request should be performed each time a subscriberattempts access until the outage is corrected. An outage should bereported to MSO by the programmer. Indeterminate QE call to BILLING OAException log 0013 Unable to complete The programmer will either DENYfailed (for a reason other applicable 4000 series authorization accessto the subscriber and display than Account not found) issue request atthis time, to the subscriber any or timed out (SQL, API, BOSSL etc)please try again SubscriberMessage Returned OR The later. programmer mayuse a cached Authorization response for this subscriber for thisresource for this IP address that had a response other thanIndeterminate and has expired within the last 30 days to determineAuthorization. As this is likely a temporary system outage on MSO's parta new authorization request should be performed each time a subscriberattempts access until the outage is corrected. An outage should bereported to MSO by the programmer. Indeterminate QE call to CVC failedor SOA Exception log 0015 Unable to complete The programmer will eitherDENY timed out or CVC DBI applicable 4000 series authorization access tothe subscriber and display or Org ID does not exist issue request to thesubscriber any or “4012, at this time, please SubscriberMessage returnedOR The description = Retrieval try again later. programmer may use acached Exception, message = Authorization Value not Found, CVC responsefor this subscriber for this Data need updating: -DBI resource for thisIP address that had a xxx/Org Id response other than Indeterminate xxx,system = SOA.” and has expired within the last 30 in the case of a daysto determine Authorization. missing DBI/OrgId As this is likely atemporary system outage on MSO's part a new authorization request shouldbe performed each time a subscriber attempts access until the outage iscorrected. An outage should be reported to MSO by the programmer.Indeterminate QE translation of SOA Exception log 2024 0016 Unable tocomplete The programmer will either DENY External ResourceID orConditional Valid Value authorization access to the subscriber anddisplay CVC Common Code to Violation: request to the subscriber anyInternal ResourceID <tag:value:condition> at this time, pleaseSubscriberMessage returned could not be completed due to try againlater. OR The programmer may use a missing mapping. cached Authorizationresponse for this subscriber for this resource for this IP address thathad a response other than Indeterminate and has expired within the last30 days to determine Authorization. As this is likely a temporary systemoutage on MSO's part a new authorization request should be performedeach time a subscriber attempts access until the outage is corrected. Anoutage should be reported to MSO by the programmer. Indeterminate QEconfiguration does SOA Exception Log 0017 Unable to complete Theprogrammer will either DENY not permit this operation 2028-2035authorization access to the SU display to the request subscriber anySubscriberMessage at this time, please returned OR The programmer maytry again later. use a cached Authorization response for this subscriberfor this resource for this IP address that had a response other thanIndeterminate and has expired within the last 30 days to determineAuthorization. As this is likely a temporary system outage on MSO's parta new authorization request should be performed each time a subscriberattempts access until the outage is corrected. An outage should bereported to MSO by the programmer and/or subscriber Indeterminate Anyother SOA error SOA Exception Log 0018 An unexpected error Theprogrammer will either DENY (3000-6000) not explicitly noted Entryoccurred within access to the subscriber and display above. MSOsystems - to the subscriber any Please refer to SOA SubscriberMessagereturned OR The error #### if you programmer may use a cached follow upwith MSO Authorization response for this support subscriber for thisresource for this IP address that had a response other thanIndeterminate and has expired within the last 30 days to determineAuthorization. As this is likely a temporary system outage on MSO's parta new authorization request should be performed each time a subscriberattempts access until the outage is corrected. An outage should bereported to MSO by the programmer.

APPENDIX J © Copyright 2010 Time Warner Cable, Inc. All rights reserved.BR Identifier Name Description Example BR-0010 Decision The Decisionmust be calculated based on the table below BR-0020 SOA SOA Logging mustbe Logging performed as detailed in the table below BR-0030 Decision TheReason must be returned based on the table below BR-0040 SOA In SOAerrors there is often Condition additional information included afterthe predefined error message (condition, details etc). It is recommendedthat the data sent to the programmer in Reason be included as this partof the SOA error message BR-0050 Programmer A programmer must possess anIt is recommended that a programmer Entitlement unexpired PERMITresponse for perform a QE call (ResourceID = ALL Enforcement aparticular subscriber, for a preferred) upon a successful subscriberparticular IP address, for a login (for either federated or nonparticular resource prior to federated logins) of MSO subscribers.allowing a subscriber access to that protected resource. BR-0060Programmer A programmer must cache QE Note that an entitlement PERMITEntitlement PERMIT responses such that duration specifies a period forwhich caching subsequent QE calls are only INITIATING a viewing requestshould be for made when a programmer no granted. The viewing duration ofthe “Permit” longer requested content is immaterial and the resultspossesses an unexpired viewing duration within a session may PERMIT fora specified continue past a PERMIT expiry periodsubscriber/ipaddress/resource. without another entitlement request.BR-0065 Programmer A programmer may cache QE An “Indeterminate” QEresponse Entitlement PERMIT results for up to a indicates a systemoutage of some sort on caching maximum of 30 days beyond MSO's end andthat an entitlement check for their Expiry and use these could not becompleted. In this case, if a “Indeterminate” cached programmer hascached a previous QE results results ONLY in the event of an result fora particular “Indeterminate” response fromSubscriberID/ipaddress/resource and this the QE service (note this isresult has expired within the last 30 days, optional at the programmer'sthe programmer may use that cached discretion). result to determineentitlement even though it is expired. BR-0070 Programmer A programmermust honor QE Entitlement response expiry data and make Expiry anotherQE request prior to honorin allowing a subscriber to view protectedcontent (when no unexpired PERMIT remains for that content) BR-0080 SOASOA must provide two Fraud configurable values associated Detection withthe QueryEntitlement Config Service 1) MaxUniqueIP's per period 2)HoursForUniqueIPCheckPeriod BR-0090 SOA SOA must provide a Units = hoursEntitlement EntitlementExpiriryPeriod Expiry configuration Parameter perResourceID that will be used as the default PERMIT expiration durationfor that resource (previously one default of 24 hours was used for allresources) The default value for this period will be 2 hours. BR-0095SOA SOA must DENY all resources Fraud on a QE request if more thanPrevention MaxUniqueIp's unique IP addresses were contained in QErequests for a particular subscriber in the previousHoursForUniqueIPCheckPeriod hours. BR-0110 Market The service mustprovide the If programmer TBS is in a Market trial in Trial configurableability by NYC only (they may be in a trial in Mode programmer for theservice to multiple markets) and a\ request is translate 2029 - Divisionreceived for a market that is not enable Temporarily Disabled: for thatprogrammer—say Los Angeles, <division> errors to the Reason should be0004 if the market Programmer trial flag is ON and 0017 if OFF Reason0004 This must be configurable via the SOA admin console and not requireany code change or deployment. BR-0120 Subscriber The service mustprovide the If in DEV or QA a QE response is Message configurableability by Reason, PERMIT for a GSO subscriber (Reason Configuration byDivision to return 0000), the value of SubscriberMessage configurabletext in the should be “GSO Subscriber Permitted SubscriberMessageresponse Access Message 0000” tag. (see SubscriberMessage table fordetails) These messages must be configurable via the SOA Admin consoleand require no coding or deployment to change.

APPENDIX K © Copyright 2010 Time Warner Cable, Inc. All rights reserved.NYC GSO OTHER 0000 NYC Subscriber GSO Subscriber Permitted AccessPermitted Access Message 0000 Message 0000 0001 NYC Subscriber GSOSubscriber It does not appear that you are currently subscribed toDenied Denied this content via MSO. Please visit Access Message 0001Access Message 0001 http://www.website.com and click on CONTACT US tosubscribe or answer any questions you may have 0002 NYC Subscriber GSOSubscriber You have too many active Authorizations from too DeniedDenied many locations at this time. Please ensure your MSO FraudDetection Fraud Detection login credentials are secure. Go tohttp://www.website.com Message 0002 Message 0002 and click on CONTACT USto answer any questions you may have. 0003 NYC Not Applicable GSO NotApplicable This system is currently only open to a limited FriendliesTrial Friendlies Trial number of TRIAL users and it does not appear youMessage 0003 Message 0003 are on the list of trial users. If you believeyou have gotten this message in error please follow the trouble shootinginstructions included in your TRIAL notifications. 0004 NYC NotApplicable GSO Not Applicable This system is currently only open to alimited Market Trial Message Market Trial Message number of TRIALmarkets and it does not appear you 0004 0004 are in one of the trialmarkets. If you believe you have gotten this message in error pleasefollow the trouble shooting instructions included in your TRIALnotifications. 0005 NYC Not Applicable GSO Not Applicable UnknownProgrammer Unknown Message 0005 Programmer Message 0005 0006 NYC NotApplicable GSO Not Applicable Unknown Resource Unknown Resource Message0006 Message 0006 0007 NYC Not Applicable GSO Not Applicable YourSubscriberId was not recognized. Try logging Subscriber IdentifierSubscriber Identifier in again or Go to http://www.website.com and clickMessage 0007 Message 0007 on CONTACT US to answer any questions you mayhave. 0008 NYC Not Applicable GSO Not Applicable Your Account Number wasnot recognized. Try Account Identifier Account Identifier logging inagain or Go to http://www.website com Message 0008 Message 0008 andclick on CONTACT US to answer any questions you may have. 0009 NYC NotApplicable GSO Not Applicable ResourceID not ResourceID not Associatedwith Associated with Programmer Message Programmer Message 0009 00090010 NYC Not Applicable GSO Not Applicable Too Many Resources Toospecified with ALL Many Resources Message 0010 specified with ALLMessage 0010 0011 NYC Not Applicable GSO Not Applicable UnenumeratedUnenumerated Validation Validation Error Message 0011 Error Message 00110012 NYC Indeterminate GSO Indeterminate Your request cannot beprocessed at this time but we EIS EIS are working to restore normaloperation. Please try Failure Message 0012 Failure Message 0012 yourrequest again later. If you still have questions or concerns please Goto http://www.website.com and click on CONTACT US 0013 NYC IndeterminateGSO Indeterminate Your request cannot be processed at this time but weBILLING Failure BILLING Failure are working to restore normal operation.Please try Message 0013 Message 0013 your request again later. If youstill have questions or concerns please Go to http://www.website.com andclick on CONTACT US 0014 NYC Indeterminate GSO Indeterminate Yourrequest cannot be processed at this time but we MiddleTier FailureMiddleTier Failure are working to restore normal operation. Please tryMessage 0014 Message 0014 your request again later. If you still havequestions or concerns please Go to http://www.website.com and click onCONTACT US 0015 NYC Indeterminate GSO Indeterminate Your request cannotbe processed at this time but we CVC CVC are working to restore normaloperation. Please try OrgID Failure OrgID Failure your request againlater. If you still have questions or Message Message concerns please Goto http://www.website.com and 0015 0015 click on CONTACT US 0016 NYCIndeterminate GSO Indeterminate Your request cannot be processed at thistime but we ResourceID ResourceID are working to restore normaloperation. Please try Translation Translation your request again later.If you still have questions or Failure Message 0016 Failure Message 0016concerns please Go to http://www.website.com and click on CONTACT US0017 NYC Indeterminate GSO Indeterminate Your request cannot beprocessed at this time but we SOA SOA are working to restore normaloperation. Please try Config Restriction Config Restriction your requestagain later. If you still have questions or Failure Message 0017 FailureMessage 0017 concerns please Go to http://www.website.com and click onCONTACT US 0018 NYC Indeterminate GSO Indeterminate Your request cannotbe processed at this time but we Unenumerated SOA Unenumerated SOA areworking to restore normal operation. Please try Failure Message 0018Failure Message 0018 your request again later. If you still havequestions or concerns please Go to http://www.website.com and click onCONTACT US

APPENDIX L © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Req Num Requirement Comments PR-0010 The average response time for Allresponse times are measured QueryEntitlement must not exceed 2 frominitial request to final seconds response. For all response times in QAthis is to be measured using 1000 or more random calls and in productionthis is measured as the average of all calls over a 24 hour or greaterreporting period. PR-0020 The Maximum response time of Any response timeover 5 seconds QueryEntitlement must not exceed 5 will be considered anoutage. seconds. PR-0030 QueryEntitlement Must initially support A loadtest at this level is expected 300 transactions per second average in inthe production or a production Production (500tps peak) like environmentbefore turning up Production access for programmers. PR-0040 QueryEntitlement must be scalable to 20,000 transactions per second averageas defined by a series of quarterly forecasts provided to operations 3months in advance of increased need. (subject to budget constraints).PR-0050 Operations is responsible for providing 1TB of production SOAConfig DB space to house CVC data feeds and is responsible for theproduction nightly loads of the nightly CVC Extracts in production.PR-0060 Operations is responsible for providing 100 gb of DEV and QAspace house CVC data feeds for two divisions (GSO, NYC) for developmentand testing purposes and for loading periodic feeds on a weekly tomonthly basis. PR-0070 Operations is responsible for providing 3TB ofadditional SOA logging DB space to account for the additional loggingvolumes from this service and tuning the database for appropriateperformance (logged items must be available in the logging databasewithin 5 minutes of being logged to the JMS queue). PR-0080 CVC isresponsible for providing periodic DEV and QA feeds for GSO and NYCdivisions as well as providing nightly feeds for all divisions inProduction as defined in the SDA Business Requirements Document (Sep09)

APPENDIX M © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Req Num Requirement Comments PR-0010 Query Entitlement must have an upAny responses of Indeterminate are time of 99.99% measured on anyconsidered an outage. Any responses period of not less than one day andnot exceeding a maximum of 5 seconds response more than one year. (notethis is for time are considered an outage. The sum total TRIAL purposes.duration of all transactions having an indeterminate value or takinglonger than 5 seconds will be added to the outage duration for any givenperiod.

APPENDIX N © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Req Num Requirement Comments OR-0010 SOA must access “Services onScalability requirement. Account” data and “Division SpecificServiceCode to EnterpriseServiceCode” mappings in a middle tier datastore and NOT retrieve any information directly from the billingsystems. OR-0020 Prior to each release Development and Operations willmeet with the BA to revise/update the List of Resources, and all mappingto/from those resources through to the Service code to resourcemappings.

APPENDIX O © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Req Num Requirement Comments OR-0020 The Service must provide a publicXML interface to Constituents using SOAP over HTTPS OR-0030 The Servicemust use a socket- based protocol when communicating with the ICOMS API.OR-0040 The Service must communicate with the CSG Smartlink BOSinterface via XML using HTTP over TCP/IP protocol.

APPENDIX P © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Req Num Requirement Comments SR-0010 The Service must meet all MSOSecurity Compliance requirements for customer payments. SR-0020 TheService must require It is assumed that all encrypted data transfersfrom the calling Constituents will Calling Constituent (but not callthis service from between the back end systems) outside the MSO firewallbut backend calls will be behind MSO corporate firewalls.

APPENDIX Q © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Req Num Requirement Comments MR-0010 Logging must occur for both therequest and response XML of this Service. MR-0020 Logging informationmust be recorded such that transaction usage volumes can be reportedupon by calling Constituent. MR-0030 Logging information must beProducing Constituents for this recorded such that the time in serviceinclude CSG and ICOMS. milliseconds for the Request, Response, andProducing Constituent processing time can be reported. MR-0040 Thesystem must satisfy all Logging requirements outlined in SOA LoggingRequirements Document MR-0050 The production SOA DB Logging system mustbe up 99.99% of the time MR-0060 The QE service must log the followingbusiness keys as part of this services log entries: a) SubscriberID(NEW) b) AccountNumber c) DivisionId d) Constituent e) ServiceName f)Response (NEW) g) Reason (NEW) h) IP (NEW) MR-0070 Query Entitlementmust be The initial value for each of these monitored such that ancategories is 5 This is the operational alert is suggested value forTRIAL and generated whenever there are a would be raised for productionconfigurable number of based on expected transaction consecutivevolumes. Alternatively just raise errors occur in any of the an alertwhen more than a given following categories: number of exceptionsoccurred a) From a particular Programmer (of any type) in a given periodof b) For a particular Division time for a given service. c) For aparticular Resource d) Any single SOA error code e) Transactions > maxpermitted transaction time MR-0080 QueryEntitlement must be issued Theinitial value is 10 minutes. If a health check transaction every thehealth check fails an outage configurable number of minutes. will becalculated for the time between the last successful transaction beforethe health check and the next successful transaction after the healthcheck. MR-0090 Daily, Weekly, and Monthly Daily reports will begenerated outage reports must be generated before noon on a given dayand for QueryEntitlement totaling the report on the 24 hour period ofoutage duration and % for the the preceding day. Weekly reports givenperiod. Reports will be generated before noon every Sunday and report onthe preceding 7 days Monthly reports will be generated before noon onthe first of each month and report on the preceding month. MR-0100Operations must create a trouble ticket for any operational alert within10 minutes 95% of the time, deliver an initial “acknowledgement” of theticket within 10 minutes @ 95% of the time, provide status updates to apre-define distribution list every 15-30 minutes @ 95% of the time, andresolve issues within 60 minutes of ticket submission @ 95% of the time.MR-0110 Any Outage(s) resulting in non 99.999% permits about 9 hours ofcompliance with operational up down time a year and 99.99% time shallcause a post mortem to permits about 90 hours of down be convened inorder to identify time a year. the root cause of the issue and produce acosted scheduled plan to correct it in a future release of the service.MR-0120 Operations will provide daily, Fields and definitions in theseweekly, and monthly SOA reports are taken from the SOA Service SummaryLogging Logging Requirements Document Report by Service Reports (seeReporting section. sample below) to business owners of TVE MR-0130Operations will provide daily, Fields and definitions in these weekly,and monthly SOA reports are taken from the SOA Service Summary LoggingLogging Requirements Document Report by Service Reports (see Reportingsection. sample below) to business owners of TVE for the QueryEntitlement Service MR-0140 Operations will provide daily, Fields anddefinitions in these weekly, and monthly SOA reports are taken from theSOA Service Summary Logging Logging Requirements Document Report byService by Constituent Reporting section. (see sample below) to businessowners of TVE for the Query Entitlement Service MR-0150 Operations willprovide daily, Fields and definitions in these weekly, and monthly SOAQuery reports are taken from the SOA Entitlement Response SummaryLogging Requirements Document by Programmer Reports (see Reportingsection. sample below) to business owners of TVE for the QueryEntitlement Service MR-0160 Operations will provide daily, Fields anddefinitions in these weekly, and monthly SOA reports are taken from theSOA Summary—Transaction Volumes Logging Requirements Document by ServiceBy Hour of Day Reporting section. Reports (see sample below) to businessowners of TVE for the Query Entitlement Service

APPENDIX R © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Sample SOA Service Summary Logging Report by Service SOA Service SummaryLogging Report by Jun. 01, 2009-Jun. 07, 2009 Service Query EntitlementAverage total successful service call duration 1.5 Seconds Average totalsuccessful service call wait   1 Seconds Percentage wait/duration 66.67%Average total unsuccessful service call 1.2 Seconds duration Percentageunsuccessful Duration/ 80.00% successful Duration Number of successfultransactions 120,960,000 Transactions Percentage successful transactions95.24% Number of unsuccessful transactions  6,048,000 TransactionsPercentage unsuccessful transactions 4.76% SOA Service Summary LoggingReport by Service by Constituent SOA Service Summary Logging Report byJun. 01, 2009-Jun. 07, 2009 Service by Constituent Query EntitlementTurner Broadcasting Average total successful service call duration 1.4Average total successful service call wait 0.9 Percentage wait/duration71.43% Average total unsuccessful service call 1.2 duration Percentageunsuccessful Duration/ 85.71% successful Duration Number of successfultransactions 79,833,600 Percentage successful transactions 97.09% Numberof unsuccessful transactions 2,395,008 Percentage unsuccessfultransactions 2.91% NBCU Average total successful service call 1.6duration Average total successful service call wait 1.2 Percentagewait/duration 75.00% Average total unsuccessful service call 1.2duration Percentage unsuccessful Duration/ 80.00% successful DurationNumber of successful transactions 39,916,800 Percentage successfultransactions 95.24% Number of unsuccessful transactions 1,995,840Percentage unsuccessful transactions 4.76%

APPENDIX S © Copyright 2010 Time Warner Cable, Inc. All rights reserved.Req Num Requirement Comments DR-0010 The system must support DR thatthat provides continuous normal operations with the partial or completefailure of any single data center. DR-0020 The System must support DRthat provides for the reestablishment of normal operations within 30days after the partial or complete failure of multiple data centers.

What is claimed is:
 1. A method for determining at a contentdistribution network entity permission of a subscriber of said networkto access protected content from a remote source via the Internet, saidmethod comprising: receiving at said network entity a communicationrelating to a request for said protected content from a user device,said communication being sent to said content distribution networkentity from an entity associated with said remote source; determiningwhether said user device is associated to said subscriber of saidcontent distribution network; if said user device is associated to saidsubscriber, determining whether said protected content is within anapproved level of service of said subscriber; and if said protectedcontent is within said approved level of service of said subscriber,transmitting a message to said entity associated with said remotesource, said message causing said remote source to deliver saidprotected content to said user device.
 2. The method of claim 1, whereinsaid content distribution network comprises a hybrid fiber/non-fibernetwork having at least one interface to communicate with said remotesource via the Internet, and said remote source comprises at least oneInternet-based programmer.
 3. The method of claim 1, wherein said act ofdetermining whether said user device is associated to said subscriber ofsaid network comprises requiring a user of said device to provideinformation identifying said user as a subscriber, said informationcomprising login information.
 4. The method of claim 1, wherein if saiduser device is not associated to said subscriber, said method furthercomprises transmitting a message to said entity associated with saidremote source denying service to said user device.
 5. The method ofclaim 1, wherein if said protected content is not within said approvedlevel of service of said subscriber, said method further comprisestransmitting a message to said entity associated with said remote sourcedenying service to said user device.
 6. The method of claim 1, whereinsaid communication relating to a request for said protected content froma user device comprises an obfuscated communication selected from thegroup consisting of (i) an encrypted communication; and (ii) acryptographically hashed communication.
 7. The method of claim 1,wherein said communication comprises a globally unique identifier (GUID)that identifies the remote source.
 8. The method of claim 7, whereinsaid communication comprises a globally unique identifier (GUID) thatidentifies the user device or subscriber.
 9. The method of claim 8,wherein said causing said delivery of said protected content to saiduser device comprises delivery of said protected content with a lessthan complete set of use rights.
 10. The method of claim 9, wherein saidless than complete set of use rights is determined at least in partbased on said determining whether said protected content is within alevel of service of said subscriber.
 11. The method of claim 1, whereinsaid protected content comprises first-run content not generallyavailable on said Internet.
 12. An apparatus for managing delivery of aplurality of protected content from a remote content server to aplurality of entitled users, said apparatus comprising: at least onefirst interface for receiving a plurality of information from a userdevice, said information comprising: information identifying a user ofsaid user device; and information identifying a particular one of saidplurality of protected content requested by said user; a first computerprogram configured to utilize said information identifying said user todetermine whether said user is among said plurality of entitled users; asecond computer program configured to utilize said informationidentifying said user and said information identifying said particularone of said plurality of protected content to determine whether saidparticular one of said plurality of protected content is within anauthorized service class for said user; and at least one secondinterface for transmitting at least one message to a remote contentserver, said at least one message causing said remote content sever to:(i) provide said protected content to said user device, or (ii) to denysaid user device said protected content; wherein said message is basedat least in part on said determination of whether said user is amongsaid plurality of entitled users, and said determination of whether saidparticular one of said plurality of protected content is within saidauthorized service class for said user.
 13. The apparatus of claim 12,wherein said at least one first interface comprises a website, and saidinformation identifying said user of said user device comprises logininformation and a password established by said user.
 14. The apparatusof claim 13, wherein said apparatus is associated with a managed contentdistribution network having an operator, and said website comprises athird party website not operated by said managed network operator. 15.The apparatus of claim 12, wherein said at least one first interfacereceives said plurality of information from said remote content server.16. The apparatus of claim 12, wherein said determination of whethersaid user is among said plurality of entitled users comprises queryingat least one database comprising a plurality of records, said pluralityof records correlating a plurality of identifying information torespective ones of said plurality of entitled users.
 17. The apparatusof claim 12, wherein said determination of whether said particular oneof said plurality of protected content is within said authorized serviceclass for said user comprises using said information identifying saiduser to query at least one database comprising a plurality of servicedetail records for each of said plurality of entitled users.
 18. Amethod for determining whether a user is permitted in a first network toaccess protected content associated with a second network, said methodcomprising: receiving a request for said protected content from saiduser in said first network; determining said second network to whichsaid user is associated; sending a message to said second network, saidmessage comprising: login and password information entered by said user;and said request for said protected content; and receiving, in responseto said message, a message indicating whether said user is permitted insaid first network to access said protected content associated with saidsecond network.
 19. The method of claim 18, wherein said login andpassword information comprise information pre-established at said secondnetwork to correspond to said user.
 20. The method of claim 18, whereinsaid message indicating whether said user is permitted in said secondnetwork to access said protected content is stored at an entity of saidsecond network.
 21. The method of claim 18, further comprising receivingsecond login and password information entered by said user and specificto said second network.
 22. A method of determining whether a particularone of a plurality of protected content may be provided to a user via afirst network based at least in part on service details of said user ina second network, said method comprising: receiving a request forauthorization of said user's access to said particular one of saidplurality of protected content from an entity of said first network,said request for authorization comprising at least a globally uniqueidentifier (GUID) associated with said user and information identifyingsaid particular one of said plurality of protected content; determiningin response to said request, whether a session has been established bysaid user and said second network; determining a subscriber identitywithin said second network based at least in part on said GUID;retrieving said service details associated with said user; comparingsaid service details to said information identifying said particular oneof said plurality of protected content; and if said service detailsmatch said information identifying said particular one of said pluralityof protected content, providing a message enabling said particular oneof said plurality of protected content to be delivered to said user viasaid first network.
 23. The method of claim 22, wherein said methodfurther comprises, if said service details do not match said informationidentifying said particular one of said plurality of protected content,providing a message denying said user request for delivery of saidparticular one of said plurality of protected content.
 24. The method ofclaim 22, wherein said method further comprises, if a session has notbeen established, establishing a session by requesting login informationfrom said user.
 25. The method of claim 22, wherein if the comparisonyields indeterminate results, enabling said entity of said first networkto resend said request for authorization.
 26. A method for enabling thedistribution of protected content associated with a managed contentdistribution network to subscribers of the network via the Internet,said method comprising: receiving a communication relating to a requestfor said protected content from a subscriber, said communication beingsent from an entity associated with a third party content source thathas access to said protected content; determining whether said protectedcontent is authorized for delivery to said subscriber; and if saidprotected content is authorized, causing said third party content sourceto deliver said protected content to said subscriber.
 27. The method ofclaim 26, wherein said third party content source comprises anassociated Internet website, and said subscriber logs into said websitein order to cause said communication to be sent to said managed network.28. The method of claim 27, wherein said communication is carried overat least a portion of said managed network, and said protected contentis delivered using at least a portion of said managed network.
 29. Themethod of claim 28, wherein said request from a subscriber is issuedusing consumer premises equipment (CPE) registered within said managednetwork and in operative communication therewith.
 30. The method ofclaim 26, wherein said protected content is delivered without using saidmanaged network.
 31. The method of claim 30, wherein said request from asubscriber is issued using a mobile or portable device associated withsaid subscriber yet not in communication with said managed network. 32.The method of claim 31, wherein said mobile or portable deviceassociated with said subscriber is registered with or known to saidmanaged network.
 33. The method of claim 30, wherein said request from asubscriber is issued using a mobile or portable device associated withsaid subscriber in communication with a third party network, said thirdparty network not being in direct communication with said managednetwork.
 34. A computer readable apparatus having a storage medium, themedium comprising at least one computer program adapted for use inmanaging remote requests for protected content of a managed contentdistribution network, the at least one program comprising: first logicconfigured to process a received content request from a third partyentity, said request being generated at least in part using networksubscriber login information; second logic configured to utilize atleast portions of the login information to access a subscriber databasemaintained by said network; third logic configured to determine, basedon said access and said at least portions of the login information,whether the subscriber is entitled to access said protected content; andfourth logic configured to cause issuance of a message to said thirdparty entity authorizing or denying provision of said requested contentto said subscriber by said third party entity.
 35. The apparatus ofclaim 34, wherein said received content request and said message eachcomprise messages formatted according to a standardized protocol. 36.The apparatus of claim 35, further comprising logic configured toauthenticate said third party entity using at least a Security AssertionMarkup Language (SAML) exchange.
 37. The apparatus of claim 36, furthercomprising logic configured to authenticate said third party entityusing at least an eXtensible Access Control Markup Language(XACML)-based digitally signed certificate and a Common SecureInteroperability (CSI) session.